Friday, May 9, 2025
HomeCyber AttackHacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

Published on

SIEM as a Service

Follow Us on Google News

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent LockBit 3.0 ransomware for targeted attacks against organizations worldwide.

This allows the threat actors to tailor the malware for maximum impact and effectiveness against specific targets.

The findings come from the researcher’s analysis of the leaked LockBit 3.0 builder, which first surfaced on underground forums in 2022.

- Advertisement - Google News

This builder enables criminals to generate customized versions of the ransomware by configuring options like network spreading capabilities and defenses to disable.

“The leaked builder has significantly simplified the process of creating tailored ransomware variants,” stated Dmitry Bestuzhev, Director of Kaspersky’s Global Research and Analysis Team. “This opens up a new level of danger, especially if the attackers can obtain privileged credentials within the targeted network.”

Customized Attack Leaves Trail of Destruction

In one alarming incident response case, investigators found that the attackers had managed to steal plain text administrator credentials.

They then used the LockBit builder to generate a customized ransomware variant capable of spreading rapidly across the network using these stolen privileges.

LockBit builder files

The customized malware killed Windows Defender protections and erased event logs to cover its tracks before encrypting data across the compromised systems. Bestuzhev called it “a precision strike intended to maximize damage and cripple the victim.”

Researchers have identified similar customized LockBit attacks across Russia, Italy, Guinea-Bissau, and Chile in recent months. While most relied on default or slightly modified configurations, the incident involving stolen credentials demonstrates the potential devastation.

Custom configuration

“We expect this trend to accelerate as more threat groups obtain access to the LockBit builder,” warned Bestuzhev. “Tailoring malware for specific targets makes attacks exponentially more potent.”

Calls for Increased Defensive Measures

The findings have cybersecurity experts urging organizations to enhance their defensive posture and incident response preparedness radically. Implementing multi-factor authentication, promptly installing patches, and maintaining strict credential hygiene policies are critical.

“The ability for criminals to customize ransomware strains to bypass existing protections is a gamechanger,” said Emily Pycroft, CEO of CyberSec Consultants in London. “Defending against these advanced threats requires a new mindset and proactive measures.”

As LockBit 3.0 continues spreading, the cybersecurity community is bracing for an escalation in high-impact, targeted ransomware attacks tailored to punch holes through organizational defenses. Rapid action may be necessary to stay ahead of the evolving threat.

Indicators of compromise

Host-based:

  • 8138f1af1dc51cde924aa2360f12d650
  • decd6b94792a22119e1b5a1ed99e8961

Network-based:

  • update.centos-yum[.]com (199.231.211[.]19)

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Researchers Uncover Remote Code Execution Flaw in macOS – CVE-2024-44236

Security researchers Nikolai Skliarenko and Yazhi Wang of Trend Micro’s Research Team have disclosed...

Apache ActiveMQ Vulnerability Allows Attackers to Induce DoS Condition

Critical vulnerability in Apache ActiveMQ (CVE-2024-XXXX) exposes brokers to denial-of-service (DoS) attacks by allowing...

Kaspersky Alerts on AI-Driven Slopsquatting as Emerging Supply Chain Threat

Cybersecurity researchers at Kaspersky have identified a new supply chain vulnerability emerging from the...

UK Government to Shift Away from Passwords in New Security Move

UK government has unveiled plans to implement passkey technology across its digital services later...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Researchers Uncover Remote Code Execution Flaw in macOS – CVE-2024-44236

Security researchers Nikolai Skliarenko and Yazhi Wang of Trend Micro’s Research Team have disclosed...

Apache ActiveMQ Vulnerability Allows Attackers to Induce DoS Condition

Critical vulnerability in Apache ActiveMQ (CVE-2024-XXXX) exposes brokers to denial-of-service (DoS) attacks by allowing...

Kaspersky Alerts on AI-Driven Slopsquatting as Emerging Supply Chain Threat

Cybersecurity researchers at Kaspersky have identified a new supply chain vulnerability emerging from the...