CYBERCRIMINALS SOW CHAOS WITH LEAKED LOCKBIT 3.0 BUILDER

A recent study by Kaspersky Lab has shed light on the consequences of the 2022 leak of the LockBit 3.0 builder. The leak gave cybercriminals the ability to create highly customized versions of the malware, significantly increasing the threat of infection. Attackers gained the capability to tailor how the malware spreads across networks, disable the protective systems of targeted enterprises, encrypt data, and cover their tracks effectively.

The files from the LockBit 3.0 builder have streamlined the process of creating the malware. Users can generate public and private keys for data encryption and decryption, and produce customized builds of the malicious software using the Build.bat script.

The configuration file controls functions such as replacing identifiers, encrypting network drives, disabling protection, and network distribution. This lets attackers create a build specifically adapted to the architecture of the target network.

In February 2024, international law enforcement agencies coordinated an operation to dismantle the LockBit infrastructure. However, shortly after this operation, the group announced its resurgence. Investigations revealed that files created with the leaked builder were used in attacks worldwide, including in CIS countries.

The investigation uncovered various techniques and tools that attackers used to distribute and control the attacks, including the SessionGopher script, which was used to extract saved accounts.

To mitigate the risk of such attacks, it is advised to use reliable antivirus solutions, disable unused services and ports, keep systems and software up to date, conduct regular penetration tests and vulnerability scans, and provide cybersecurity training for employees.

Analysis of the LockBit 3.0 builder files underscores how effortlessly attackers can develop new malicious software. It also highlights the need for comprehensive protective measures and for fostering a culture of cybersecurity among employees to combat such threats effectively.
