"LockBit Code Leak Sparks Wave of RaaS Attacks"

LockBit 3.0, the LockBit ransomware gang's malware, was leaked last year. Researchers have found that several other threat groups used the leaked LockBit 3.0 builder to create their own ransomware variant and implement it in extortion campaigns. Soon after the September 2022 leak, researchers found an intrusion involving LockBit 3.0 ransomware. Although this variant was confirmed to be LockBit, the ransom demand procedure differed from that previously observed for this threat actor. In the examined ransom note, the extortionists referred to themselves as the National Hazard Agency, a previously unknown group. The note stood out because it included a specific demand ($3 million) for the decryption keys to the victim's encrypted files, as well as email and chat contact information. In contrast, the LockBit group interacts with their victims via their own communication and negotiation platform. Other threat groups discovered using LockBit 3.0 included Blacktail's Buhti ransomware operation, the Bl00dy ransomware gang, and GetLucky. This article continues to discuss the boost in Ransomware-as-a-Service (RaaS) attacks due to the LockBit code leak.

SC Media reports "LockBit Code Leak Sparks Wave of RaaS Attacks"