Security News > 2023 > February > LockBit ransomware goes 'Green,' uses new Conti-based encryptor
The LockBit ransomware gang has again started using encryptors based on other operations, this time switching to one based on the leaked source code for the Conti ransomware.
This week, cybersecurity collective VX-Underground first reported that the ransomware gang is now using a new encryptor named 'LockBit Green,' based on the leaked source code of the now-disbanded Conti gang.
Since the news of LockBit Green became public, researchers have found samples of the new encryptor circulating on VirusTotal and other malware-sharing sites.
A malware analyst known as CyberGeeksTech reverse-engineered a sample of LockBit Green and told BleepingComputer that it was definitely based on the Conti encryptor they previously analyzed.
PRODAFT told BleepingComputer that they know of at least five victims that have been attacked using the new LockBit Green variant.
While it's unclear why the LockBit operation is utilizing a new Conti-based encryptor when their previous one works fine, PRODAFT may have the answer.
- LockBit brags it pumped ION full of ransomware (source)
- LockBit ransomware gang claims Royal Mail cyberattack (source)
- U.S. and U.K. sanction TrickBot and Conti ransomware operation members (source)
- U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks (source)
- New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware (source)
- The Prolificacy of LockBit Ransomware (source)
- LockBit ransomware claims Essendant attack, company says “network outage” (source)
- Conti-based ransomware ‘MeowCorp’ gets free decryptor (source)
- Got Conti? Here's the ransomware cure to avoid paying up (source)
- LockBit 3.0 Ransomware: Inside the Cyberthreat That's Costing Millions (source)