"Developer Leaks LockBit 3.0 Ransomware-Builder Code"

Running a ransomware operation like a regular business runs the risk of having disgruntled employees who may want to sabotage the operation. That seems to be the case with the LockBit Ransomware-as-a-Service (RaaS) operators, as an apparently upset developer publicly released the encryptor code for the latest version of the malware, LockBit 3.0, also known as LockBit Black, to GitHub. For security defenders, this development has both negative and potentially positive implications. Because the code is now publicly available, other ransomware operators now have access to the builder for one of the most sophisticated and dangerous ransomware strains. As a result, new copycat versions of the malware may begin circulating soon, further complicating the already cluttered ransomware threat landscape. At the same time, the leaked code allows white-hat security researchers to disassemble the builder software and better understand the threat. A security researcher can examine the software and potentially gather intelligence that can be used to prevent future attacks. At the very least, this leak provides defenders with more information about some of the work done by the LockBit group. This article continues to discuss the leak of LockBit 3.0 ransomware-builder code, the potential impact of this leak, as well as the history of LockBit. 

Dark Reading reports "Developer Leaks LockBit 3.0 Ransomware-Builder Code"