New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • QNAP NAS devices hit in surge of ech0raix ransomware attacks

    December 27, 2021

    Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. The threat actor behind this particular malware intensified their activity about a week before Christmas, taking control of the devices with administrator privileges. Attack count jumps before Christmas BleepingComputer forum users managing QNAP and Synology NAS systems ...

  • Rook ransomware is yet another spawn of the leaked Babuk code

    December 24, 2021

    A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make “a lot of money” by breaching corporate networks and encrypting devices. Although the introductory statements on their data leak portal were marginally funny, the first victim announcements on the site have made it clear that Rook is ...

  • Examining Log4j Vulnerabilities in Connected Cars and Charging Stations

    December 23, 2021

    Since its disclosure on Dec. 9, a vast number of articles have been written on the remote code execution (RCE) vulnerability in the library Apache Log4j — a reflection of its impact. The library is used by innumerable programs to easily release log statements without modifying the code. This means that it has an expansive ...

  • Stealthy BLISTER malware slips in unnoticed on Windows systems

    December 23, 2021

    Security researchers have uncovered a malicious campaign that relies on a valid code-signing certificate to disguise malicious code as legitimate executables. One of the payloads that the researchers called Blister, acts as a loader for other malware and appears to be a novel threat that enjoys a low detection rate. The threat actor behind Blister has been ...

  • Fulfilling Security Requirements for the Transportation Sector

    December 23, 2021

    Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as a top security concern. More than half (53%) of respondents in that study said they ...

  • Honeypot experiment reveals what hackers want from IoT devices

    December 22, 2021

    A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. More specifically, the honeypot was meant to create a sufficiently diverse ecosystem and cluster the generated data in a way that determines the goals of adversaries. IoT (Internet of Things) devices are a ...