Kaspersky Lab analyzed the events of the past and came to a disappointing conclusion.
The latest Kaspersky Lab study analyzes in detail the consequences of the LockBit 3.0 constructor leak that occurred in 2022. Then cybercriminals were able to create flexibly customized versions of malware, which significantly increased the threat of infection, as hackers were able to configure the spread of the virus over the network, disable the security systems of target enterprises, encrypt data and erase event logs, hiding traces of their activities.
The LockBit 3.0 constructor files greatly simplify the process of creating the necessary virus. The user can generate public and private keys for data encryption and decryption, as well as create custom versions of the malware using the "Build.bat"script.
The configuration file allows you to activate the functions of spoofing IDs, encrypting network drives, disabling security, and distributing them over the network. This allows attackers to create a virus that will be adapted as accurately as possible to the target network architecture.
In February 2024, international law enforcement agencies conducted an operation to eliminate the LockBit infrastructure, but soon after the group announced its return. Research has shown that files created with the help of the designer leak were used for attacks around the world, including the CIS countries.
During the investigation of the incident, various techniques and tools used by attackers to distribute and manage the attack were identified, including the use of the SessionGopher script to extract stored credentials.
To reduce the risk of such attacks, it is recommended to use reliable antivirus solutions, disable unused services and ports, update systems and software, conduct regular penetration tests and vulnerability scanning, and conduct cybersecurity trainings for employees.
Analysis of the LockBit 3.0 constructor file shows how easily attackers can create new malware. This highlights the need for comprehensive security measures and the development of a cybersecurity culture among employees to effectively counter such threats.
The latest Kaspersky Lab study analyzes in detail the consequences of the LockBit 3.0 constructor leak that occurred in 2022. Then cybercriminals were able to create flexibly customized versions of malware, which significantly increased the threat of infection, as hackers were able to configure the spread of the virus over the network, disable the security systems of target enterprises, encrypt data and erase event logs, hiding traces of their activities.
The LockBit 3.0 constructor files greatly simplify the process of creating the necessary virus. The user can generate public and private keys for data encryption and decryption, as well as create custom versions of the malware using the "Build.bat"script.
The configuration file allows you to activate the functions of spoofing IDs, encrypting network drives, disabling security, and distributing them over the network. This allows attackers to create a virus that will be adapted as accurately as possible to the target network architecture.
In February 2024, international law enforcement agencies conducted an operation to eliminate the LockBit infrastructure, but soon after the group announced its return. Research has shown that files created with the help of the designer leak were used for attacks around the world, including the CIS countries.
During the investigation of the incident, various techniques and tools used by attackers to distribute and manage the attack were identified, including the use of the SessionGopher script to extract stored credentials.
To reduce the risk of such attacks, it is recommended to use reliable antivirus solutions, disable unused services and ports, update systems and software, conduct regular penetration tests and vulnerability scanning, and conduct cybersecurity trainings for employees.
Analysis of the LockBit 3.0 constructor file shows how easily attackers can create new malware. This highlights the need for comprehensive security measures and the development of a cybersecurity culture among employees to effectively counter such threats.
