Tag Archive for: Disgruntled

Turnabout is Fair Play? LockBit Ransomware Builder Leaked to Public by “Disgruntled Developer”


LockBit has emerged as the biggest player in the “ransomware as a service” (RaaS) market in the past year. But the group may now be on the ropes as its newly revamped LockBit Ransomware Builder, the tool used to both build ransomware executables and decrypt locked files, is now available to the public via what the group claims is a “disgruntled developer.”

LockBit ransomware will undoubtedly be copied and used by other threat actors in the near term, putting the group’s business at risk. But the leak of the ransomware builder also gives security researchers valuable insights into bolstering the ability of cyber defenses to detect it and into decrypting locked files. The incident may end up finally dethroning LockBit, which became the premier RaaS group after major rivals such as Conti and REvil broke up under law enforcement pressure.

Newly overhauled LockBit ransomware compromised by insider

A new version of the LockBit ransomware (3.0) had just debuted in June, promising its criminal clientele that it would “make ransomware great again” with an assortment of new features. The ransomware builder that has made its way to the public is for this newly revised version, also sometimes called “LockBit Black” by the group.

The ransomware builder first appeared on Twitter on September 21, posted by a newly registered user under the handle “ali_qushji.” The Twitter user claimed that they had hacked several of the LockBit ransomware servers and located the new ransomware builder on one of them. Numerous security researchers examined the ransomware builder and confirmed that it was legitimate.

After this happened, the VX-Underground malware monitoring service came forward to share that a Twitter user by the name of “protonleaks” had privately shared a copy of the ransomware builder with them on September 10. However, this user had a different story; they claimed to be an angry developer leaking the ransomware builder due to differences with the upper echelons of LockBit.

With this tool, anyone with basic knowledge of these types of attacks could immediately create a knockoff service using the authentic LockBit ransomware. The ransomware builder automates all aspects of…


Disgruntled Employees to Deploy Ransomware – Krebs on Security


Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. Apparently now that includes emailing employees directly and asking them to unleash the malware inside their employer’s network in exchange for a percentage of any ransom amount paid by the victim company.

Image: Abnormal Security.

Crane Hassold, director of threat intelligence at Abnormal Security, described what happened after he adopted a fake persona and responded to the proposal in the screenshot above. It offered to pay him 40 percent of a million-dollar ransom demand if he agreed to launch their malware inside his employer’s network.

This particular scammer was fairly chatty, and over the course of five days it emerged that Hassold’s correspondent was forced to change up his initial approach in planning to deploy the DemonWare ransomware strain, which is freely available on GitHub.

“According to this actor, he had originally intended to send his targets—all senior-level executives—phishing emails to compromise their accounts, but after that was unsuccessful, he pivoted to this ransomware pretext,” Hassold wrote.

Abnormal Security documented how it tied the email back to a young man in Nigeria who acknowledged he was trying to save up money to help fund a new social network he is building called Sociogram.

Image: Abnormal Security.

Reached via LinkedIn, Sociogram founder Oluwaseun Medayedupin asked to have his startup’s name removed from the story, although he did not respond to questions about whether there were any inaccuracies in Hassold’s report.

“Please don’t harm Sociogram’s reputation,” Medayedupin pleaded. “I beg you as a promising young man.”

This attacker’s approach may seem fairly amateur, but it would be a mistake to dismiss the threat from West African cybercriminals dabbling in ransomware. While multi-million dollar ransomware payments are hogging the headlines, by far the biggest financial losses tied to cybercrime each year stem from so-called Business Email Compromise (BEC) or CEO Scams, in which crooks mainly based in Africa and Southeast Asia will spoof communications…


Disgruntled programmer accused of trying to sell his firm’s iPhone spyware for $50 million

Image: NSO spyware.

Your company doesn’t have to work in the field of high-tech surveillance and spyware to find itself at risk from insiders.

Read more in my article on the Tripwire State of Security blog.

Graham Cluley