LockBit is back, with a new ransomware source code

LockBit starts the new year with a freshly updated source code

The infamous LockBit ransomware gang has updated the code of its encryptor once again, cybersecurity researchers are saying.

Multiple cybersecurity groups have confirmed that LockBit is now using an encryptor called LockBit Green, which analysts say is based on the Conti ransomware source code leaked in 2022.

The reasons for the switch are purely speculative at this point, as all researchers agree that the former version - LockBit 3.0 - worked just fine. One possible explanation is that since Conti’s demise, many cybercriminals joined LockBit and feel more comfortable using their old source code.

Leaked source code

Whatever the reasons, so far five victims have been confirmed. We don’t know if the ransom demand has changed.

Conti was one of the most popular ransomware variants in the months leading up to Russia’s invasion of Ukraine. However, in the first few days of the war, the cybercrime group voiced its support for the Kremlin, posting a message on its website that any groups going after Russia’s infrastructure will face retaliation.

After that, it faced major backlash from the underground community, so much so that one hacker leaked multiple versions of the Conti encryptor source code, as well as tens of thousands of messages shared between the group’s members.

In May 2022, Conti was reportedly shut down as an operation, and switched to a more decentralized system in which multiple “smaller” groups operated independently.

Ransomware continues to be one of the most disruptive and damaging forms of cybercrime. Microsoft recently stated that it tracks more than 100 ransomware groups, using more than 50 different ransomware variants to extort money out of their victims. Law enforcement agencies warned victims not to pay the ransom, as not only does that not guarantee getting the data back, but it also motivates the crooks to engage in additional attacks.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
