The Record reports that a bug in the LockBit malware code makes possible to decrypt data for free, without paying a ransom.
A bug in the RaaS version of the malware that LockBit authors have been leasing since January 2020 was discovered and publicized by another hacker, Bassterlord, who previously worked with both LockBit and other competing RaaS operations, including REvil, Avaddon, and RansomExx.
“In LockBit ransomware, clients found a bug that allows using trial decryptor infinitely. Also, one client reminded about critical bugs due to not usable LockBit in big ransomware attacks”, – an information security researcher known under the nickname 3xp0rt writes.
As it happened before, now the LockBit developers are likely to quickly fix the vulnerability, closing the possibility for free decryption of data. According to journalists, the LockBit website is down and this probably indicates that work is already underway.
LockBit is currently one of the most active ransomware groups. According to information security company Coveware, LockBit was among the 15 most dangerous ransomware in the fourth quarter of 2020, and according to ID-Ransomware, LockBit infects dozens of new victims every week.
Due to the high activity of LockBit among information security specialists, emerged a question about reporting errors in the work of ransomware.
For example, John Fokker, Head of Cyber Investigations & Principal Engineer at security firm McAfee believes that such bugs should be reported to the security vendor or No More Ransom experts.
“Both security vendors and the No More Ransom project have well-established mechanisms in place to take advantage of this information and help ransomware victims without alerting the ransomware authors”, — Fokker said.
Researchers complain that now the bug will be fixed, and hardly anyone will have time to use it. Although the problem prevented decryption of large batches of files immediately without notifying LockBit operators, the bug could still be used to decrypt selected important files for which, for example, there were no backups.
Let me remind you that Cybersecurity expert created a website for collecting information about vulnerabilities in malware.