When law enforcement demolished the cybercriminal’s infrastructure earlier this week, LockBit ransomware developers were secretly creating a new version of their file encrypting malware, known as LockLit NG-Dev. This version is probably going to become LockSlot4. 0.
Trend Micro examined a sample of the most recent LockBit development, which can function on various operating systems, in collaboration with the , the UK’s National Crime Agency, and the cybersecurity company.
Next-generation LockBit
The most recent example of LockBit malware is an a , work-in-progress piece of.NET that appears to have been compiled with CoreRT and is loaded with MPRESS, as opposed to the previous version, which is built in C/C++.
According to Trend Micro, the malware comes with a JSON configuration file that specifies the execution parameters, including the RSA public key, unique IDs, execution date range, and ransom note details.
The new encryptor appears to be in its final development stages and already offers the majority of the expected functionality, despite the security firm’s claim that it lacks some features that were present in earlier iterations ( such as the ability to self-promote on compromised networks, printing and nbsp, and ransom notes on victim printers ).
It has custom file or directory exclusion, can randomize the file naming and nbsp, and supports three encryption modes (using AES+RSA ), namely “fast,” “intermittent,” and “full.” This makes restoration efforts more difficult.
Additional options include a , self-delete, lockBit’s overwrite, and own file contents with null bytes.
A thorough technical analysis and nbsp of the malware has been published by Trend Micro, which reveals LockBit-NG-Dev’s complete configuration parameters.
Another setback suffered by law enforcement as a result of Operation Cronos is the discovery of the new LockBit encrypter. Cybercriminal activity should present a difficult challenge when security researchers are aware of the source code for the encrypting malware, even if backup servers are still under gang control.