News

A bug in the LockBit malware makes possible to decrypt data for free

The Record reports that a bug in the LockBit malware code makes possible to decrypt data for free, without paying a ransom.

A bug in the RaaS version of the malware that LockBit authors have been leasing since January 2020 was discovered and publicized by another hacker, Bassterlord, who previously worked with both LockBit and other competing RaaS operations, including REvil, Avaddon, and RansomExx.

“In LockBit ransomware, clients found a bug that allows using trial decryptor infinitely. Also, one client reminded about critical bugs due to not usable LockBit in big ransomware attacks”, – an information security researcher known under the nickname 3xp0rt writes.

As it happened before, now the LockBit developers are likely to quickly fix the vulnerability, closing the possibility for free decryption of data. According to journalists, the LockBit website is down and this probably indicates that work is already underway.

LockBit is currently one of the most active ransomware groups. According to information security company Coveware, LockBit was among the 15 most dangerous ransomware in the fourth quarter of 2020, and according to ID-Ransomware, LockBit infects dozens of new victims every week.

A bug in the LockBit malware

Due to the high activity of LockBit among information security specialists, emerged a question about reporting errors in the work of ransomware.

For example, John Fokker, Head of Cyber Investigations & Principal Engineer at security firm McAfee believes that such bugs should be reported to the security vendor or No More Ransom experts.

“Both security vendors and the No More Ransom project have well-established mechanisms in place to take advantage of this information and help ransomware victims without alerting the ransomware authors”, — Fokker said.

Researchers complain that now the bug will be fixed, and hardly anyone will have time to use it. Although the problem prevented decryption of large batches of files immediately without notifying LockBit operators, the bug could still be used to decrypt selected important files for which, for example, there were no backups.

Let me remind you that Cybersecurity expert created a website for collecting information about vulnerabilities in malware.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

Back to top button