Security News > 2022 > September > Leaked LockBit 3.0 builder used by ‘Bl00dy’ ransomware gang in attacks
The relatively new Bl00Dy Ransomware Gang has started to use a recently leaked LockBit ransomware builder in attacks against companies.
Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after the LockBit operator had a falling out with his developer.
As the builder includes a configuration file that can easily be customized to use different ransom notes, statistics servers, and features, BleepingComputer predicted that other threat actors would soon use the builder to create their own ransomware.
Our predictions have come true, and a relatively new ransomware group named 'Bl00Dy Ransomware Gang' has already utilized the builder in an attack on a Ukrainian entity.
It would not be surprising to see the Bl00dy Ransomware Gang switch between ransomware families as needed to either evade detection or take advantage of various features.
As LockBit 3.0 is one of the more advanced, feature-rich ransomware operations at this time, we should expect other threat actors to launch new operations using the leaked builder.
News URL
Related news
- Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks (source)
- Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks (source)
- New Mallox ransomware Linux variant based on leaked Kryptina code (source)
- AutoCanada says ransomware attack "may" impact employee data (source)
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- Embargo ransomware escalates attacks to cloud environments (source)
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Police arrest four suspects linked to LockBit ransomware gang (source)
- Ransomware attack forces UMC Health System to divert some patients (source)
- LockBit Ransomware and Evil Corp Members Arrested and Sanctioned in Joint Global Effort (source)