LockBit Ransomware Gang Switches to Conti-based Encryptor
Cybersecurity experts have noticed that the LockBit ransomware gang has switched to a different encryptor for their criminal enterprise.
According to vx-underground, the ransomware-as-a-service (RaaS) operation reused the Conti ransomware gang's leaked source code to create a new encryptor dubbed “LockBit Green.”
This is not the first time the LockBit operation has swapped components of its vicious machinery, either. Since its beginning, the group has gone through various encryptor versions, including a custom, self-developed one and LockBit 3.0 (LockBit Black), which was built upon BlackMatter source code.
After the demise of the Conti ransomware gang, several hacking groups proceeded to scavenge its leaked source code and adapt it to their operations. Security experts were baffled that LockBit decided to build a new encryptor based on Conti’s leaked code, as the group had been using a proprietary encryptor for quite some time.
As BleepingComputer reported, there’s no doubt that LockBit Green is built upon Conti’s framework. Sample analyses revealed that the gang’s new encryptor uses a decryption algorithm similar to that of some previous Conti tools and accepts some identical command-line arguments.
Another oddity is that LockBit Green strayed away from the gang’s original .lockbit extension and now appends random extensions to ciphered files. However, the cybercrime group added a personal touch to the new encryption component of their RaaS operation by modifying the ransom notes.
In September, a disgruntled developer leaked the latest version of LockBit’s ransomware builder online, a few months after the malicious group launched version 3.0 of its service. The leaked archive included a builder, an encryption key generator, a customizable configuration JSON file, and an automated BAT script to generate all the files required to run a ransomware campaign.
Specialized software like Bitdefender Ultimate Security can help you fend off ransomware and other e-threats with its extensive library of features, including:
- 24/7 all-around detection and protection against viruses, worms, Trojans, spyware, ransomware, rootkits, zero-day exploits, and other cyberthreats
- Behavioral detection technology that closely monitors active apps and takes instant action upon detecting suspicious activity
- Multi-layered ransomware protection module that keeps your documents, videos, music, and photos safe from ransomware attacks