"Leaked LockBit 3.0 Builder Used by 'Bl00dy' Ransomware Gang in Attacks"

The new Bl00dy ransomware gang is now using the recently leaked LockBit ransomware builder in its attacks targeting companies. The LockBit 3.0 ransomware builder was recently leaked on Twitter after the LockBit operator had a disagreement with his developer. Anyone can use this builder to create a fully functional encryptor and decryptor. Following the leak, it was predicted that other threat actors would soon use the builder to create their own ransomware because it includes a configuration file that can easily be customized to use different ransom notes, statistics servers, and features. The Bl00dy ransomware gang has already used the builder in an attack against a Ukrainian entity. The gang began operating around May 2022, when it targeted a group of medical and dental practices in New York. The threat actors, like other human-operated ransomware operations, breach a network, steal corporate data, and encrypt devices. Instead of using a Tor data leak site to extort victims and publish stolen data, the threat actors use a Telegram channel. While this appears to be a ransomware gang, the threat actors do not appear to develop ransomware on their own. Instead, they use leaked builders and source code from other ransomware operations, such as Babuk and Conti, to create encryptors. This article continues to discuss the Bl00dy ransomware gang and its use of the recently leaked LockBit 3.0 ransomware builder. 

Bleeping Computer reports "Leaked LockBit 3.0 Builder Used by 'Bl00dy' Ransomware Gang in Attacks"