Threat Management

Bl00dy ransomware leveraging leaked LockBit ransomware builder

BleepingComputer reports that recent attacks by the newly emergent Bl00dy Ransomware Gang used the LockBit 3.0 ransomware builder that leaked last week following a falling out between a LockBit operator and his developer. The Bl00dy Ransomware Gang, which was initially discovered attacking New York-based medical and dental practices in May, was identified by cybersecurity researcher Vladislav Radetskiy as having used a new encryptor in an attack against a Ukrainian entity. While the email included in the encryptor has befuddled experts regarding its origin, MalwareHunterTeam later discovered that the leaked LockBit 3.0 ransomware builder had been used as the basis for the encryptor. Further testing by BleepingComputer showed that the extensions used in the new builder indicated the time when the encryptor was created, while file names in the ransom note resembled those used by LockBit, although the Bl00dy Ransomware Gang had customized certain text and contact information.
