In a significant development, law enforcement dismantled the infrastructure of LockBit ransomware earlier this week, uncovering the clandestine work on a next-generation file encryption malware. Referred to as LockBit-NG-Dev, this emerging threat, likely the precursor to LockBit 4.0, was revealed through a collaborative effort between the UK’s National Crime Agency and cybersecurity firm Trend Micro.
In a departure from its predecessors built in C/C++, LockBit-NG-Dev is a work-in-progress developed in .NET, compiled with CoreRT, and packed with MPRESS. This strategic shift was brought to light as Trend Micro analyzed a sample of the latest LockBit variant capable of operating across multiple systems, indicating a more sophisticated approach to infection.
Despite lacking some features present in previous versions, such as self-propagation on compromised networks and printing ransom notes on victims’ printers, LockBit-NG-Dev appears to be in its final development stages and already provides most of the anticipated functionality.
Trend Micro’s technical analysis reveals the encryptor’s support for three encryption modes (using AES+RSA): “fast,” “intermittent,” and “full.” It also supports custom file or directory exclusions and can randomize file names to complicate restoration efforts.
Notably, the malware features a self-delete mechanism that overwrites LockBit’s own file contents with null bytes.
The discovery of Lock
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents