Hacker Publishes Vulnerability in LockBit Ransomware

A member of the cybercriminal community discovered and published a vulnerability in LockBit ransomware that could be used to create a free decryptor.

LockBit has been distributed in a ransomware-as-a-service (RaaS) business model since January 2020. Malware developers lease it to their clients or so-called "partners". These "partners" gain access to corporate networks and deploy ransomware that encrypts files and demands a ransom to restore them.

A ransom note displayed on the desktop invites LockBit victims to access a web portal on the darknet where they can negotiate payment with the ransomware. The portal also offers a one-time free decryption feature to prove to victims that hackers have a working copy of the decryption key.

On Wednesday, March 17, a cybercrime forum released details of a vulnerability in LockBit's one-time decryption function, which could allow experts to create a ransom-free file recovery tool. The publication was made by the allegedly Russian-speaking cybercriminal Bassterlord, who was previously a "partner" of the groups LockBit, REvil, Avaddon and RansomExx.

Now that the vulnerability has become known to the general public, the LockBit developers can fix it, and the chance to create a free file recovery tool will be missed.

Previous Post Next Post