Search
Close this search box.
DoD Cyber Security blogs lockbit

Before being taken down, LockBit ransomware was secretly developing a next-generation encryptor.

When law enforcement demolished the cybercriminal’s infrastructure earlier this week, LockBit ransomware developers were secretly creating a new version of their file encrypting malware, known as LockLit NG-Dev. This version is probably going to become LockSlot4. 0.

Trend Micro examined a sample of the most recent LockBit development, which can function on various operating systems, in collaboration with the&nbsp, the UK’s National Crime Agency, and the cybersecurity company.

Next-generation LockBit

The most recent example of LockBit malware is an a&nbsp, work-in-progress piece of.NET that appears to have been compiled with CoreRT and is loaded with MPRESS, as opposed to the previous version, which is built in C/C++.

According to Trend Micro, the malware comes with a JSON configuration file that specifies the execution parameters, including the RSA public key, unique IDs, execution date range, and ransom note details.

Encrypted configuration
( Trend Micro ) Decrypted configuration

The new encryptor appears to be in its final development stages and already offers the majority of the expected functionality, despite the security firm’s claim that it lacks some features that were present in earlier iterations ( such as the ability to self-promote on compromised networks, printing and nbsp, and ransom notes on victim printers ).

It has custom file or directory exclusion, can randomize the file naming and nbsp, and supports three encryption modes (using AES+RSA ), namely “fast,” “intermittent,” and “full.” This makes restoration efforts more difficult.

File encrypted in the intermittent mode
File with intermittent mode ( Trend Micro ) encryption

Additional options include a&nbsp, self-delete, lockBit’s overwrite, and own file contents with null bytes.

A thorough technical analysis and nbsp of the malware has been published by Trend Micro, which reveals LockBit-NG-Dev’s complete configuration parameters.

Another setback suffered by law enforcement as a result of Operation Cronos is the discovery of the new LockBit encrypter. Cybercriminal activity should present a difficult challenge when security researchers are aware of the source code for the encrypting malware, even if backup servers are still under gang control.

Lean More About DoD Cybersecurity, Cyber Threats and Related Contents

Learn why IDShield offers the best security and value.

www.sentrypc.com

PureVPN - Best VPN and Your Trusted Partner for Internet Freedom

🔥BIG SAVINGS 82% Off PureVPN.🔥 Secure Your Online Privacy Now. LIMITED OFFER!

🔥 SAVE 82% OFF 🔥 on PureVPN! Limited Offer – Enhance Your Digital Security Today.
Click To View Offer on PureVPN Website

NordVPN - Your Passport to Unrestricted Freedom

Embrace Digital Freedom and Security with NordVPN.
🔥Up To 63% Off🔥

Start Today Your Journey to a Safer Internet Today!
Click To View Offer on NordVPN Website

Protect Your Data with DeleteMe the Go-To-Solution

DeleteMe is Your Guardian Against Identity Theft and Online Exposure!
🔥Take 20% Off - Click Here to View Code🔥
Malwarebytes Browser Guard filters out annoying ads and scams while blocking trackers that spy on you.
Malwarebytes for Home | Anti-Malware Premium | Free Trial Download
Try Ultahost - The best place to get secure, inexpensive shared web hosting services!
View deals and specials on Used Macs, Mac hardware, Mac accessories, and more. Shop now!

DoD Cybersecurity protecting your digital world one secure step at a time with DoD Cybersecurity Blogs.
DoDCybersecurityblogs.com | All Rights Reserved | Designed by Omar Solomon

Skip to content