Scary Lockbit ransomware leaked after dispute with hackers

The hacker group Lockbit, known in France for attacking a hospital in Corbeil-Essonnes, has suffered a leak of its own ransomware. At the heart of this case is a disagreement over payment between the perpetrators and the developer.

Lockbit breaks on the spot. While the hacker group was stringing together high-profile cyberattacks, an internal dispute led to a “constructor” (a kit for creating one’s own malware) being leaked on social networks on September 21st. A mysterious account called Ali Qushji, created on the same day, tweeted a file containing the elements and code needed to build the Lockbit ransomware.

This malware is by far one of the most effective on the market for stealing and intercepting victims’ data. It received significant media attention when it was used in the attack on the Corbeil-Essonnes hospital on 12 September. The file is still available on GitHub. According to Bleeping Computer, which was able to review the documents, the builder consists of four files, including an encryption key generator and configuration instructions. The American outlet even managed to customize the software using the elements posted on the web.

Files required to build the Lockbit ransomware. // Source: 3xp0rt

salary history

Such a tool, freely available online, offers thousands of hackers a complete ransomware production kit so they can set up their own tool and in turn perform similar operations. How did such an important file, held exclusively by Lockbit, end up on Twitter? 3xp0rt, a cybersecurity researcher, reports the conflict that caused this leak.

On a forum of Russian hackers closed to new members, the administrator of the criminal group explained that he urged the developer to improve the software, as an ordinary company would do. Lockbit refused to pay its provider due to software delivery delays and promised money after the tasks were completed. After several arguments, the developer in question finally decided to exit the project and dump all files on GitHub.

He first contacted vx-underground, a well-known cyber-explorer blog, but it refused to relay the leak, realizing that it would be useful to many criminals.

Lockbit is not going to die. “This situation, of course, is unpleasant, but it motivates us to look for new developers and write new products,” the group administrator says on the forum. According to an Intel471 report, this team has become one of the world’s most prolific hacker groups within a year, responsible for more than a third of ransomware attacks in May/June.

This is not the first time ransomware source code has been revealed. The Babuk ransomware leaked in June 2021; this malware, designed to encrypt Windows documents, is still in use. In March 2022, it was the turn of the Russian hacker group Conti to be leaked after declaring their support for Vladimir Putin. The source code was quickly recovered by the NB65 team to carry out attacks in Russia. Security researchers will also have the opportunity to work with this malware to update their defenses, but hackers are usually one step ahead. Naturally, we can expect Lockbit variants to appear in the coming months.
