January 30, 2023, updated 02 Feb 2023 6:04pm

LockBit green: Ransomware gang releases new malware and targets cloud

A new variation of the gang's problematic malware is out as it also targets cloud-based services.

By Claudia Glover

The notorious ransomware gang LockBit appears to have added a new variant, LockBit Green, to its dark web code repository, along with an update to malware that targets the widely used VMware ESXi hypervisor. Researchers say this indicates the growing importance of cloud services to cybercriminals.

LockBit announces new variant: LockBit Green. (Photo by al.geba/Shutterstock)

LockBit, also known as LockBit 3.0 as it is the third evolution of the group, now offers three variants of its malware for sale according to researchers vx-underground, who say they were contacted by the gang last week. The two other variants are also colour themed – red and black.

What is LockBit Green?

LockBit Green is “not anything I’ve heard of before,” says Allan Liska of security company Recorded Future. “It looks like this is something new, like a new variant of their existing ransomware.”

The screenshots posted on Twitter show “what LockBit looks like for their affiliates, for the people who subscribe to the rights for their service,” Liska adds.

Paul Lewis, CISO at security company Nominet, says it makes sense for gangs to look to breach systems like ESXi which can act as an entry point to corporate networks. “Virtual machines are generally used for elastic, high capacity systems and services,” he says. “There are opportunities to potentially use this kind of technology to proliferate quicker because it’s all software, rather than boxes in data centres.”

Liska believes it reflects a greater focus on cloud by ransomware gangs. “More organisations are storing things in the cloud, so ransomware groups are more and more interested in the cloud,” he adds. “The fact that they’re still investing or the fact that they’re investing time and resources in building cloud tech shows, that’s where ransomware groups are thinking about their future.”


What we’re seeing is a natural evolution of software created by ransomware gangs, Lewis adds. “This is just another way that criminals can exploit a relatively new technology like the cloud,” he says.

