A week ago, we reported that the LockBit 3.0 code had been spread on the net through Sendspace, contained within a password-protected 7z file (which was nevertheless reported in the clear). LockBit 3.0 introduces some new features, such as a bug bounty program (a cash prize is awarded to those who detect bugs and vulnerabilities in software builds), support for payments through Zcash, and new extortion tactics.
It was only a matter of time before that code was also used by other ransomware groups in their attacks. Apparently, it didn't take long, as a relatively new group known as “Bl00Dy Ransomware Gang” has already used the LockBit 3.0 builder to attack a Ukrainian entity.
Is it possible that #bl00dy ransomware is just another side project of Conti? Id-ransom states it's Conti, Intezer saw LockBit strings. Need help.
Files: https://t.co/J6L8PMw8xy @VK_Intel @ChristiaanBeek @James_inthe_box @malwrhunterteam @vxunderground @demonslay335 pic.twitter.com/koAQmL6XbZ
- VR (@angel11VR) September 25, 2022
There are further indications that Bl00dy used the LockBit code. An Intezer scan shows many similarities between the Bl00dy and LockBit encryptors, and the encrypted file names are also created in the style of LockBit, although the group has customized their text and contact information.