Made on
Tilda
is the filename of a leaked software package that allows anyone to generate custom versions of the LockBit 3.0 ransomware, also known as "LockBit Black". Overview of the Leak
Malware analysis Lockbit 3 Builder.7z Malicious activity - ANY.RUN LockBit3Builder.7z
: A tool to generate unique encryption and decryption keys. is the filename of a leaked software package
: A batch file that automates the compilation of the ransomware binaries. Technical Capabilities LockBit3Builder.7z
The availability of this builder lowered the barrier for entry into cybercrime, enabling smaller, non-affiliated threat actors—such as the —to launch sophisticated attacks using LockBit's high-end encryption engine. Contents of the .7z Archive
The builder was leaked online in after a disgruntled developer reportedly stole the code from the LockBit ransomware-as-a-service (RaaS) group. It was initially shared via Twitter accounts like @ali_qushji and @protonleaks , and the code has since been mirrored on platforms like GitHub .
Ransomware generated with this builder inherits several advanced features from the original LockBit 3.0 strain: