The LockBit ransomware gang has switched to an encryptor based on the leaked source code of the Conti ransomware. VX-Underground first reported that the gang is now using a new encryptor named LockBit Green. The Conti ransomware gang shut down after a series of data breaches involving the leak of 170,000 internal messages and the source code for its encryptor. Cybersecurity collective CyberGeeksTech reverse-engineered a sample of LockBit Green and confirmed that it was based on the Conti source code. PRODAFT shared four MD5 hashes of LockBit Green samples, along with a YARA rule that can detect the new variant. LockBit Green uses a random file extension rather than the standard one, and the ransom note has been replaced with the LockBit 3.0 ransom note. PRODAFT has observed that ex-Conti members prefer LockBit Green after the announcement.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 01 Feb 2023 22:48:02 +0000