Recently, the Bl00Dy Ransomware Gang has been observed using a recently leaked LockBit ransomware builder in attacks against companies. The Bl00Dy Ransomware Gang was first observed operating around May 2022, when they were targeting a group of medical and dental practices in New York.
Last week, the LockBit 3.0 ransomware builder was leaked on Twitter after a fallout between a LockBit operator and a LockBit developer. This leaked builder allows anyone to build a fully functional encryptor and decryptor that threat actors can use for attacks. And the Bl00Dy Ransomware Gang now adopted the builder in an attack on a Ukrainian victim. This has been confirmed by multiple cyber security researchers who have seen multiple overlaps in the code between the Bl00dy and LockBit 3.0 encryptors.