Significant concerns have been raised by cybersecurity experts over the leak of the LockBit 3.0 ransomware encryptor, which could be leveraged by other threat groups to create their own operations, reports The Record, a news site by cybersecurity firm Recorded Future.
Attackers leveraging LockBit's source code is a "near certainty," according to Symantec Threat Hunter Team Principal Intelligence Analyst Dick O'Brien.
"Other ransomware operators could replace their payloads with rebranded variants of LockBit and you could see some aspirant groups use this to launch their own ransomware operations," said O'Brien.
Similar sentiments were shared by Emsisoft threat analyst Brett Callow.
"As was the case when Babuk's builder leaked, we may well see other threat actors use LockBit's, which would obviously complicate attribution," Callow said.
However, O'Brien warned against exaggerating the potential impact of the leak.
"Attackers also need to have the capability to access the networks of a large pool of potential victims and also the ability to scale by creating the infrastructure needed for an affiliate program," he added.