It enables users to select specific encryption modes, target local or network drives, and set up decryption IDs for victims.
This specific package surfaced after a disgruntled developer leaked the builder on Twitter (now X) and GitHub in September 2022. It allows threat actors to customize and generate their own functional ransomware executables, which has led to a surge in "LockBit-style" attacks by various independent cybercriminal groups. Key Details LockBit-Black-Builder-main.zip
Highly Malicious. Security platforms like ANY.RUN and App Any Run identify it as active ransomware. It enables users to select specific encryption modes,