Experts Find Similarities Between LockBit and BlackMatter

Cybersecurity researchers have confirmed similarities between the latest iteration of LockBit ransomware and BlackMatter.

A new version of LockBit 3.0 (LockBit Black) was released in June 2022, along with a new leak site and the first Bug Bounty program on the dark web.

The encryption process includes adding the extension “HLJkNskOq” or “19MqZqZ0s” to each file and changing the icons of the locked files to the icon of the “.ico” file that was removed by the LockBit sample to trigger the infection.

According to a report by Trend Micro researchers, the ransomware then displays a ransom note that mentions Elon Musk and the EU General Data Protection Regulation (GDPR). LockBit 3.0 then changes the wallpaper on the victim’s computer to announce the ransomware attack.

Much of LockBit’s similarity to BlackMatter comes from its reuse of the privilege escalation and data collection routines that identify the APIs needed to terminate other processes, and from its use of anti-debugging and multi-threading techniques to hinder analysis. In addition, LockBit 3.0 checks the interface language of the victim’s computer to avoid compromising systems associated with the countries of the former USSR.

The findings come after LockBit became the most active ransomware-as-a-service (RaaS) group in 2022. The latest attack carried out under the RaaS model hit the Italian tax office. According to the Palo Alto Networks 2022 Unit 42 report, out of 600 incidents between May 2021 and April 2022, the ransomware family accounted for 14% of intrusions, second only to Conti at 22%.

The development also highlights the continued success of the RaaS business model, which lowers the barrier to entry for hackers and expands the opportunities for ransomware.

According to the Check Point Cyberattack Trends Report Q2 2022, on average, 1 in 40 organizations are attacked weekly, up 59% from 2021. Latin America saw the largest increase in attacks, with 1 in 23 organizations attacked each week, up 43% from 2021. Asia also saw growth of 33% (1 in 17 organizations).

By Vladimir Krasnogolovy
