Friday, May 24, 2024

Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent LockBit 3.0 ransomware for targeted attacks against organizations worldwide.

This allows the threat actors to tailor the malware for maximum impact and effectiveness against specific targets.

The findings come from the researcher’s analysis of the leaked LockBit 3.0 builder, which first surfaced on underground forums in 2022.

This builder enables criminals to generate customized versions of the ransomware by configuring options like network spreading capabilities and defenses to disable.

“The leaked builder has significantly simplified the process of creating tailored ransomware variants,” stated Dmitry Bestuzhev, Director of Kaspersky’s Global Research and Analysis Team. “This opens up a new level of danger, especially if the attackers can obtain privileged credentials within the targeted network.”

Customized Attack Leaves Trail of Destruction

In one alarming incident response case, investigators found that the attackers had managed to steal plain text administrator credentials.

They then used the LockBit builder to generate a customized ransomware variant capable of spreading rapidly across the network using these stolen privileges.

LockBit builder files

The customized malware killed Windows Defender protections and erased event logs to cover its tracks before encrypting data across the compromised systems. Bestuzhev called it “a precision strike intended to maximize damage and cripple the victim.”

Researchers have identified similar customized LockBit attacks across Russia, Italy, Guinea-Bissau, and Chile in recent months. While most relied on default or slightly modified configurations, the incident involving stolen credentials demonstrates the potential devastation.

Custom configuration

“We expect this trend to accelerate as more threat groups obtain access to the LockBit builder,” warned Bestuzhev. “Tailoring malware for specific targets makes attacks exponentially more potent.”

Calls for Increased Defensive Measures

The findings have cybersecurity experts urging organizations to enhance their defensive posture and incident response preparedness radically. Implementing multi-factor authentication, promptly installing patches, and maintaining strict credential hygiene policies are critical.

“The ability for criminals to customize ransomware strains to bypass existing protections is a gamechanger,” said Emily Pycroft, CEO of CyberSec Consultants in London. “Defending against these advanced threats requires a new mindset and proactive measures.”

As LockBit 3.0 continues spreading, the cybersecurity community is bracing for an escalation in high-impact, targeted ransomware attacks tailored to punch holes through organizational defenses. Rapid action may be necessary to stay ahead of the evolving threat.

Indicators of compromise


  • 8138f1af1dc51cde924aa2360f12d650
  • decd6b94792a22119e1b5a1ed99e8961


  • update.centos-yum[.]com (199.231.211[.]19)

Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP.


Latest articles

Hackers Weaponizing Microsoft Access Documents To Execute Malicious Program

In multiple aggressive phishing attempts, the financially motivated organization UAC-0006 heavily targeted Ukraine, utilizing...

Microsoft Warns Of Storm-0539’s Aggressive Gift Card Theft

Gift cards are attractive to hackers since they provide quick monetization for stolen data...

Kinsing Malware Attacking Apache Tomcat Server With Vulnerabilities

The scalability and flexibility of cloud platforms recently boosted the emerging trend of cryptomining...

NSA Releases Guidance On Zero Trust Maturity To Secure Application From Attackers

Zero Trust Maturity measures the extent to which an organization has adopted and implemented...

Chinese Hackers Stay Hidden On Military And Government Networks For Six Years

Hackers target military and government networks for varied reasons, primarily related to spying, which...

DNSBomb : A New DoS Attack That Exploits DNS Queries

A new practical and powerful Denial of service attack has been discovered that exploits...

Malicious PyPI & NPM Packages Attacking MacOS Users

Cybersecurity researchers have identified a series of malicious software packages targeting MacOS users.These...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles