Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent LockBit 3.0 ransomware for targeted attacks against organizations worldwide.
This allows the threat actors to tailor the malware for maximum impact and effectiveness against specific targets.
The findings come from the researcher’s analysis of the leaked LockBit 3.0 builder, which first surfaced on underground forums in 2022.
This builder enables criminals to generate customized versions of the ransomware by configuring options like network spreading capabilities and defenses to disable.
“The leaked builder has significantly simplified the process of creating tailored ransomware variants,” stated Dmitry Bestuzhev, Director of Kaspersky’s Global Research and Analysis Team. “This opens up a new level of danger, especially if the attackers can obtain privileged credentials within the targeted network.”
In one alarming incident response case, investigators found that the attackers had managed to steal plain text administrator credentials.
They then used the LockBit builder to generate a customized ransomware variant capable of spreading rapidly across the network using these stolen privileges.
The customized malware killed Windows Defender protections and erased event logs to cover its tracks before encrypting data across the compromised systems. Bestuzhev called it “a precision strike intended to maximize damage and cripple the victim.”
Researchers have identified similar customized LockBit attacks across Russia, Italy, Guinea-Bissau, and Chile in recent months. While most relied on default or slightly modified configurations, the incident involving stolen credentials demonstrates the potential devastation.
“We expect this trend to accelerate as more threat groups obtain access to the LockBit builder,” warned Bestuzhev. “Tailoring malware for specific targets makes attacks exponentially more potent.”
The findings have cybersecurity experts urging organizations to enhance their defensive posture and incident response preparedness radically. Implementing multi-factor authentication, promptly installing patches, and maintaining strict credential hygiene policies are critical.
“The ability for criminals to customize ransomware strains to bypass existing protections is a gamechanger,” said Emily Pycroft, CEO of CyberSec Consultants in London. “Defending against these advanced threats requires a new mindset and proactive measures.”
As LockBit 3.0 continues spreading, the cybersecurity community is bracing for an escalation in high-impact, targeted ransomware attacks tailored to punch holes through organizational defenses. Rapid action may be necessary to stay ahead of the evolving threat.
Host-based:
Network-based:
Looking to Safeguard Your Company from Advanced Cyber Threats? Deploy TrustNet to Your Radar ASAP
.
Researchers observed a recent surge in activity from the "FICORA" and "CAPSAICIN," both variants of…
The watering hole attack leverages a compromised website to deliver malware. When a user visits…
The NFS protocol offers authentication methods like AUTH_SYS, which relies on untrusted user IDs, and…
SquareX, an industry-first Browser Detection and Response (BDR) solution, leads the way in browser security.…
A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly…
Security researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a…