The availability of this builder lowered the barrier for entry into cybercrime, enabling smaller, non-affiliated threat actors—such as the —to launch sophisticated attacks using LockBit's high-end encryption engine. Contents of the .7z Archive
Ransomware generated with this builder inherits several advanced features from the original LockBit 3.0 strain:
is the filename of a leaked software package that allows anyone to generate custom versions of the LockBit 3.0 ransomware, also known as "LockBit Black". Overview of the Leak LockBit3Builder.7z
According to researchers from ThreatDown and Thales Group , the password-protected archive typically contains four critical files that simplify the ransomware creation process:
The builder was leaked online in after a disgruntled developer reportedly stole the code from the LockBit ransomware-as-a-service (RaaS) group. It was initially shared via Twitter accounts like @ali_qushji and @protonleaks , and the code has since been mirrored on platforms like GitHub . The availability of this builder lowered the barrier
: A tool to generate unique encryption and decryption keys.
Malware analysis Lockbit 3 Builder.7z Malicious activity - ANY.RUN It was initially shared via Twitter accounts like
: The core executable used to compile the final ransomware payload.