Dissecting LockBit v3 Ransomware

Dissecting LockBit v3 Ransomware(blog.calif.io)

36 points by favadi 2 years ago | 5 comments

cryptbe 2 years ago |

Thanks for sharing. I'm one of the co-authors of the blog post. Let me know if you have any questions!

tl;dr: We analyzed a LockBit v3 variant, and rediscovered a bug that allows us to decrypt some data without paying the ransom. We also found a design flaw that may cause permanent data loss. Nothing's earth-shattering, but it should be a fun read if you're into crypto and security!

CasperH2O 2 years ago | |

Respectfully, doesnt sharing this information ensure that whoever is behind LockBit can improve and fix it? Surely that isnt desirable?

TonyTrapp 2 years ago | | |

From the article:

> The crypto bug is already known to the malware author. We have observed newer variants where we can no longer take advantage of this bug.

nazgulsenpai 2 years ago | | |

I think the first few paragraphs of the article explain why analysis is worthwhile pretty succinctly.

j16sdiz 2 years ago |

I saw there is a decryption tools with the RSA decryption key.

How did they got those keys?