Variants
LockBit 3.0
Variant of LockBit
The third major generation of LockBit (a.k.a. LockBit Black), notable for code borrowed from BlackMatter, a modular build system, and the first ransomware bug-bounty program.
LockBit 3.0, branded LockBit Black, shipped in June 2022 and marked a significant rewrite of the LockBit codebase. Security researchers found substantial overlap with the defunct BlackMatter ransomware, suggesting shared authorship or purchased source.
What changed
- A modular builder that produced customised encryptors per affiliate.
- Required command-line arguments / keys to run, frustrating sandboxes.
- Heavier obfuscation and anti-debugging.
- A public bug-bounty program — a first for a ransomware operation.
For the unpacking walkthrough and a diff against BlackMatter, see the Reverse Engineering Hub.