Go Back   Carder.life > [en] International Forum > Carding News
Reload this Page LockBit ransomware secretly building next-gen encryptor before takedown

CARDER.MARKET - CARDING FORUM FOR PROFESSIONAL CARDERS


Reply
 
Thread Tools Display Modes
  #1  
Old 01-02-2025, 12:47 PM
Artifact's Avatar

Artifact Artifact is offline
Administrator
Join Date: Jan 2024
Posts: 0
Default

LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely to become LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week.
As a result of the collaboration with the National Crime Agency in the UK, cybersecurity company Trend Micro analyzed a sample of the latest LockBit development that can work on multiple operating systems.
LockBit next-gen
While previous LockBit malware is built in C/C++, the latest sample is a work-in-progress written in .NET that appears to be compiled with CoreRT, and packed with MPRESS.
Trend Micro says that the malware includes a configuration file in JSON format that outlines the execution parameters such as execution date range, ransom note details, unique IDs, RSA public key, and other operational flags.

Decrypted configuration
Although the security firm says the new encryptor lacks some features present in previous iterations (e.g. ability to self-propagate on breached networks, printing ransom notes on victim's printers), it appears to be in its final development stages, already offering most of the expected functionality.
It supports three encryption modes (using AES+RSA), namely "fast," "intermittent," and "full," has custom file or directory exclusion, and can randomize the file naming to complicate restoration efforts.

File encrypted in the intermittent mode
Additional options include a self-delete mechanism that overwrites LockBit's own file contents with null bytes.
Trend Micro has published a deeply technical analysis of the malware, which reveals the full configuration parameters for LockBit-NG-Dev.
The discovery of the new LockBit encrypter is another blow law enforcement dealt to LockBit operators through Operation Cronos. Even if backup servers are still controlled by the gang, restoring the cybercriminal business should be a tough challenge when the source code for the encrypting malware is known to security researchers.
https://www.bleepingcomputer.com/new...fore-takedown/
Reply

Tags
NULL

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump




All times are GMT. The time now is 10:10 AM.

Contact Us - Carder.life - Archive - Top