The builder was leaked on X (formerly Twitter) by a developer reportedly disgruntled with the LockBit leadership. This made a previously "exclusive" tool available to anyone with an internet connection. Key Components of the Leak
: Numerous groups, such as "Bl00dy" and "Buhti," have been observed using modified versions of the LockBit 3.0 code to launch their own campaigns under different names. LockBit-Black-Builder.zip
: Amateur hackers who lack the skills to write their own malware can now generate sophisticated ransomware with a few clicks. The builder was leaked on X (formerly Twitter)
The "LockBit Black" (also known as LockBit 3.0) builder is a proprietary tool originally used by the LockBit ransomware-as-a-service (RaaS) gang. It allows users to generate customized ransomware executables, decryptors, and the specialized tools needed to launch an attack. : Amateur hackers who lack the skills to
: Because so many different actors now use the same underlying code, it is much harder for security researchers to definitively attribute an attack to the original LockBit gang.
: A configuration file where attackers can customize the attack, including:
