New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Blow to Morgan Advanced Materials as cyber-attack to cost millions to deal with

    February 7, 2023

    Shares in Morgan Advanced Materials tanked 7.5% to 292p this morning after the industrial manufacturer became the latest listed firm to fall victim to a cyber attack which it said would cost millions of pounds to tackle. The 166-year-old firm warned the attack meant some of its IT systems were irrecoverable, and it had been forced ...

  • Medusa botnet returns as a Mirai-based variant with ransomware sting

    February 7, 2023

    A new version of the Medusa DDoS (distributed denial of service) botnet, based on Mirai code, has appeared in the wild, featuring a ransomware module and a Telnet brute-forcer. Medusa is an old malware strain (not to be confused with the same-name Android trojan) being advertised in darknet markets since 2015, which later added HTTP-based DDoS ...

  • Hijacking Your Bandwidth: How Proxyware Apps Open You Up to Risk

    February 7, 2023

    There are many online stories and blog posts teaching people how to make “passive income” by sharing spare computing power and/or unused internet bandwidth. When users willingly or unwillingly install such software on their computers, the systems become agents of a distributed network. The operators of this distributed network might monetize it by selling proxy ...

  • Researcher breaches Toyota supplier portal with info on 14,000 partners

    February 7, 2023

    Toyota’s Global Supplier Preparation Information Management System (GSPIMS) was breached by a security researcher who responsibly reported the issue to the company. GSPIMS is the car manufacturer’s web application that allows employees and suppliers to remotely log in and manage the firm’s global supply chain. Read more… Source: Bleeping Computer  

  • Web beacons on websites and in e-mail

    February 7, 2023

    There is a vast number of trackers, which gather information about users’ activities online. For all intents and purposes, We have grown accustomed to online service providers, marketing agencies, and analytical companies tracking our every mouse click, our social posts, browser and streaming services history. The collected data can be used for improving their user ...

  • Here’s a list of proxy IPs to help block KillNet’s DDoS bots

    February 6, 2023

    A free tool aims is helping organizations defend against KillNet distributed-denial-of-service (DDoS) bots and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its network flooding attacks against hospitals and health clinics. At current count, the KillNet open proxy IP blocklist lists tens of thousands of proxy IP addresses ...