Dissecting LockBit v3 Ransomware
blog.calif.ioThanks for sharing. I'm one of the co-authors of the blog post. Let me know if you have any questions!
tl;dr: We analyzed a LockBit v3 variant, and rediscovered a bug that allows us to decrypt some data without paying the ransom. We also found a design flaw that may cause permanent data loss. Nothing's earth-shattering, but it should be a fun read if you're into crypto and security!
Respectfully, doesnt sharing this information ensure that whoever is behind LockBit can improve and fix it? Surely that isnt desirable?
From the article:
> The crypto bug is already known to the malware author. We have observed newer variants where we can no longer take advantage of this bug.
I think the first few paragraphs of the article explain why analysis is worthwhile pretty succinctly.
I saw there is a decryption tools with the RSA decryption key.
How did they got those keys?