The Week in Ransomware - September 23rd 2022 - LockBit leak
- September 24, 2022
- 05:25 AM ET 2:25 AM PT
This week we saw some embarrassment for the LockBit ransomware operation when their programmer leaked a ransomware builder for the LockBit 3.0 encryptor.
The builder is simple to use: running a single batch file quickly creates an encryptor, private/public encryption keys, and a decryptor.
The LockBit 3.0 ransomware builder makes it easy for any would-be threat actor to roll out their own operation simply by modifying the enclosed configuration file to use custom ransom notes.
Ransomware operations have been launched in the past from the leaked Babuk ransomware builder and Conti source code.
Other research this week shows how the BlackMatter ransomware gang continues to evolve its operation by upgrading its data exfiltration tool for double-extortion attacks.
This week, we also learned more about ransomware attacks, including those on the New York Racing Association and a New York ambulance service.
Contributors and those who provided new ransomware information and stories this week include: @struppigel, @DanielGallagher, @demonslay335, @malwrhunterteam, @Seifreed, @malwareforme, @fwosar, @BleepinComputer, @FourOctets, @billtoulas, @jorntvdw, @PolarToffee, @Ionut_Ilascu, @VK_Intel, @LawrenceAbrams, @serghei, @S2W_Official, @GeeksCyber, @BroadcomSW, @pcrisk, @3xp0rtblog, @vxunderground, @PogoWasRight, @AhnLab_SecuInfo, and @zscaler.