February 22, 2024 at 08:52AM
LockBit ransomware developers were working on a new version, LockBit-NG-Dev, likely to become LockBit 4.0, before law enforcement dismantled their infrastructure. Trend Micro’s analysis revealed this new version’s capabilities, including support for multiple operating systems and encryption modes, though lacking some features from previous iterations. The discovery poses a challenge for the cybercriminal business.
Key takeaways:
– Before law enforcement took down their infrastructure, LockBit ransomware developers were working on a new version, LockBit-NG-Dev, which was likely to become LockBit 4.0.
– The National Crime Agency in the UK collaborated with cybersecurity company Trend Micro to analyze a sample of the latest LockBit development, which can work on multiple operating systems.
– The latest sample is a work-in-progress written in .NET and appears to be compiled with CoreRT, packed with MPRESS, and includes a configuration file in JSON format.
– The new encryptor lacks some features present in previous iterations, but it is in its final stages of development and offers most of the expected functionality, including support for three encryption modes, custom file or directory exclusion, file naming randomization, and a self-delete mechanism.
– Trend Micro has published a technical analysis of the malware, revealing the full configuration parameters for LockBit-NG-Dev.
– The discovery of the new LockBit encryptor through Operation Cronos is a blow to the operators: restoring the cybercriminal business is a tough challenge, especially when the source code for the encrypting malware is known to security researchers.