The LockBit ransomware group has unveiled the latest version of its malware, dubbed “LockBit Green.” Based on reports, this new variant of the LockBit malware could also target cloud-based services.
Researchers explained that the ransomware operators created the new version primarily to add cloud-based services to their targets, since the previous versions could not target them.
Moreover, this version is the operators' third iteration, following LockBit Black and LockBit Red. Currently, affiliates of the LockBit group can obtain LockBit Green on the group's portal under its Ransomware-as-a-Service (RaaS) model.
Furthermore, other researchers noticed that the new version includes a modified version of the ESXi ransomware variant.
A senior threat intelligence researcher claimed that LockBit Green is similar to the Conti ransomware.
The LockBit Green variant has also shown overlaps with the Conti ransomware, whose source code was leaked a few months ago.
According to the analysis, the sample has a significant overlap of about 89% with the Conti ransomware. The command-line flags of the newest version of the LockBit malware are identical to those of Conti’s version three specifically. Thus, the LockBit group might have obtained the leaked Conti source code before creating the new malware.
More experts emphasised that the LockBit operators modified only a small portion of the leaked source code, including the ransom note, which is identical to the one utilised by the LockBit Black version.
The LockBit operators have also changed the ransom notes in the source code. The exposed source code of the Conti ransomware group enabled other threat actors to develop their own versions using its code as a blueprint. This incident allowed other notorious groups, such as LockBit, to improve and hasten the development of their malware.
Using and adapting the source code from the Conti ransomware has helped LockBit lower the cost and time of developing its new malicious tools. The group maximises the RaaS maintainers to get new affiliates.