LockBit copycat DarkVault spurs rebranding rumor

/in


DarkVault, a new ransomware group with a website resembling LockBit’s, may be the latest in a string of copycats mimicking the notorious ransomware-as-a-service (RaaS) gang.  

Security researcher Dominic Alvieri called attention to a redesign of DarkVault’s website on Wednesday. Alvieri’s post on X included a screenshot of a new homepage sporting LockBit’s distinctive style, including a red and white color scheme and similar page headings.

LockBit’s logo was also found on the DarkVault blog. The group’s older website features an image of a black cat lying on a vault, potentially a reference to another ransomware gang, ALPHV/BlackCat.

Cybernews reported that DarkVault may be an attempt by LockBit to rebrand, but Alvieri later clarified that the intention of his post was to make fun of the “copycats.”

DarkVault had posted nine alleged victims on its LockBit imitation site as of Thursday, according to Dark Web Informer, which previously discovered the older DarkVault website with no victims listed on March 29.

LockBit imposters leverage leaked 2022 RaaS builder

DarkVault would not be the first cybercrime group to imitate LockBit, with several using LockBit’s name, branding and leaked ransomware builder in their own attacks.

Trellix noted this trend in a blog published Thursday, which also described the partial revival of the original LockBit since its infrastructure was disrupted by law enforcement in February.  

The builder for the LockBit 3.0 ransomware, also known as LockBit Black, was leaked by one of the gang’s own developers in 2022 – since then, many threat actors have used the builder in their own attacks.

Some use the code as-is with minimal changes, such as the addition of their own version of the ransom note, while others have used the builder as a foundation for new ransomware strains, the researchers from Trellix’s Advanced Research Center wrote.

Dragonforce and Werewolves are two ransomware groups that emerged in 2023 using LockBit Black in their attacks. Dragonforce was found to be using the LockBit code as-is last September, with the exception of the ransom note, while Werewolves is believed to potentially have LockBit affiliates on its team due to…

Source…