U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder

A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of […]

Lockbit 3.0 data leak

A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang.

The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer.

The latest version of the encryptor, version 3.0, was released by the gang in June. According to the gang, LockBit 3.0 has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is one of the most active ransomware gangs.

The code of the encryptor was leaked on Twitter by at least a couple of accounts, @ali_qushji and @protonleaks1.

Lockbit 3.0 data leak

The builder is contained in a password-protected 7z archive, “LockBit3Builder.7z,” containing:

  • Build.bat;
  • builder.exe;
  • config.json;
  • keygen.exe.

Ali Qushji claims to have hacked the servers of the ransomware gang and stolen the ransomware encryptor.

Is the hack real?

BleepingComputer reported that the research team VX-Underground was informed by a representative of the LockBit operation that their infrastructure was not hacked. The representative added that the leak is the work of a disgruntled developer.

“We reached out to Lockbit ransomware group regarding this and discovered this leaker was a programmer employed by Lockbit ransomware group,” reads a now deleted tweet published by VX-Underground. “They were upset with Lockbit leadership and leaked the builder.”

The availability of the builder could allow any malicious actor to create its own version of the ransomware customizing it by modifying the configuration file.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, data leak)

[adrotate banner=”5″]

[adrotate banner=”13″]