Leaked LockBit 3.0 ransomware attacks by Bl00Dy Ransomware gang seen in the wild
Incident Report for Ascend Security Events
Resolved

Source: BleepingComputer

The first instance of the leaked LockBit 3.0 Ransomware Builder was recently detected in attacks in the wild. The latest version of the ransomware, version 3.0, was leaked last week by an alleged disgruntled developer, and the Bl00Dy Ransomware Gang is the first threat group seen using it in attacks. LockBit 3.0 contains new features that make it one of the most dangerous ransomware programs developed, including new extortion tactics and Zcash payments.

The Bl00Dy Ransomware Gang began attacking organizations around May 2022, with their first target being a group of medical and dental practices in New York. The threat group often operates by breaching a network, stealing corporate data, then deploying ransomware and encrypting all files on the network. Unlike other attackers, the group then uses a Telegram channel to extort victims.

The ransomware group traditionally uses a .bl00dy extension for encrypted files. However, as this is not a customizable option in the LockBit 3.0 builder, the threat actors are left using extensions determined when the leaked encryptor was built. The ransom note left by the group contains its unique Telegram contact method for victims to use.

As is the case with most malware, end users are targeted, which makes maintaining a robust security posture highly important. That posture includes end-user training to develop safe and secure internet browsing habits.

Author: Evan Obal

Source: https://www.bleepingcomputer.com/news/security/leaked-lockbit-30-builder-used-by-bl00dy-ransomware-gang-in-attacks/
Posted Sep 28, 2022 - 15:04 CDT