BleepingComputer reports that cybersecurity collective VX-Underground discovered the LockBit ransomware operation leveraging the new 'LockBit Green' encryptor, which is based on the Conti ransomware gang's leaked source code.
Numerous LockBit Green samples have already been found on malware-sharing sites. Malware analyst CyberGeeksTech, who reverse-engineered a sample, noted with absolute certainty that the new encryptor was completely derived from the Conti encryptor.
"The decryption algorithm is just an example of a similarity. It's weird that they've chosen to build a payload based on Conti, they have their own encryptor for some time," said CyberGeeksTech.
Meanwhile, at least five entities have already been impacted by attacks using the new encryptor, according to PRODAFT, which noted that LockBit may be using the new encryptor due to familiarity with Conti ransomware.
"We especially observed that ex-Conti members preferred LockBit Green after the announcement. They probably feel comfortable using Conti-based ransomware," said PRODAFT.