LockBit has been developing a new cross-platform ransomware variant to supersede LockBit 3.0 as the ransomware gang was taken down by an international law enforcement operation, The Register reports.
Multiple platforms could have been targeted by the new LockBit ransomware version dubbed "LockBit-NG-Dev" due to its utilization of .NET-based code and a CoreRT compiler while potentially enabling improved static file detection bypass with MPRESS, a report from Trend Micro revealed. Developers of the updated LockBit version have also integrated a hardcoded date range of the strain's functionality to likely hinder attacks from copycat operations. "This can also be considered an anti-analysis and anti-sandbox technique however, it is relatively simple for an analyst to bypass this during reverse engineering. On the other hand, it would be more difficult for an affiliate to patch the binary before using it against a victim, said researchers, who added that the newly integrated features could preview tools that could be leveraged by other ransomware groups.
Multiple platforms could have been targeted by the new LockBit ransomware version dubbed "LockBit-NG-Dev" due to its utilization of .NET-based code and a CoreRT compiler while potentially enabling improved static file detection bypass with MPRESS, a report from Trend Micro revealed. Developers of the updated LockBit version have also integrated a hardcoded date range of the strain's functionality to likely hinder attacks from copycat operations. "This can also be considered an anti-analysis and anti-sandbox technique however, it is relatively simple for an analyst to bypass this during reverse engineering. On the other hand, it would be more difficult for an affiliate to patch the binary before using it against a victim, said researchers, who added that the newly integrated features could preview tools that could be leveraged by other ransomware groups.
