The infamous LockBit ransomware (opens in new tab) gang has updated the code of its encryptor once again, cybersecurity researchers are saying.
Multiple cybersecurity groups have confirmed that LockBit is now using an encryptor called LockBit Green, which analysts say is based on the Conti ransomware source code leaked in 2022.
The reasons for the switch are purely speculative at this point, as all researchers agree that the former version - LockBit 3.0 - worked just fine. One possible explanation is that since Conti’s demise, many cybercriminals joined LockBit and feel more comfortable using their old source code.
Leaked source code
Whatever the reasons, so far five victims have been confirmed. We don’t know if the ransom demand has changed.
Conti was one of the most popular ransomware variants in the months leading up to Russia’s invasion of Ukraine. However, in the first few days of the war, the cybercrime group voiced its support for the Kremlin, posting a message on its website that any groups going after Russia’s infrastructure will face retaliation.
After that, it faced major backlash from the underground community, so much so that one hacker leaked multiple versions of the Conti encryptor source code, as well as tens of thousands of messages shared between the group’s members.
In May 2022, Conti was reportedly shut down as an operation, and switched to a more decentralized system in which multiple “smaller” groups operated independently.
Ransomware continues to be one of the most disruptive and damaging forms of cybercrime. Microsoft recently stated that it tracks more than 100 ransomware groups, using more than 50 different ransomware variants to extort money out of their victims. Law enforcement agencies warned victims not to pay the ransom, as not only does that not guarantee getting the data back, but also motivates the crooks to engage in additional attacks.
- Here's our rundown of the best endpoint protection (opens in new tab) services right now
Via: BleepingComputer (opens in new tab)