Someone has leaked the latest version of the LockBit encryptor to the internet, and while it may look like a hack and data theft at first, a public representative of the ransomware operator claims that it is in fact the work of a disgruntled developer.
A brand new Twitter account called Ali Qushji claimed that their team hacked LockBit's servers and found a builder for the LockBit 3.0 ransomware encryptor. The malware source code library VX-Underground chimed in after the tweet, saying that on September 10 they were contacted by a user named “protonleaks” with the same content.
The same source also said LockBitSupp, a public representative of the LockBit operation, confirmed that it was not the work of a hacking group, but rather of a disgruntled developer unhappy with the leadership of the ransomware operator.
Upset with leadership
“We contacted the Lockbit ransomware group about this and discovered that the leaker was a developer hired by the Lockbit ransomware group,” VX-Underground tweeted (and then removed the tweet). “They were upset by Lockbit’s leadership and leaked the builder.”
BleepingComputer has since confirmed the authenticity of the leak, stating that a builder for the LockBit 3.0 encryptor, codenamed LockBit Black, has leaked. The version, which was in testing for the two months leading up to June, came with a host of new features, including anti-analysis, a ransomware bug bounty program, and new extortion methods.
The leak of the builder does not mean that whoever gets infected with LockBit can now easily decrypt the encrypted data. Instead, it means other cyber criminals can easily build their own versions by adjusting various configuration options, the ransom note, and other details. While this may harm LockBit’s business to some extent, it also means that organizations may soon be confronted with even more varieties of ransomware.
This is not the first time that an encryptor’s source code has been leaked onto the web. In the early days of Russia’s invasion of Ukraine, a hacker exposed the source code of Conti, the ransomware group that publicly supported the invasion at the time.
Via: BleepingComputer