New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Scammers grabbed $7.7 billion worth of cryptocurrency in 2021, say researchers

    December 20, 2021

    Cryptocurrency-based scammers and cyber criminals netted a whopping $7.7 billion worth of cryptocurrency from victims in 2021, marking an 81% rise in losses compared to 2020, according to blockchain analysis firm, Chainalysis. Some $1.1 billion of the $7.7 billion in losses were attributed to a single scheme which allegedly targeted Russia and Ukraine, it said. “As the ...

  • Log4j vulnerability now used to install Dridex banking malware

    December 20, 2021

    Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved to be a loader that downloads various modules that can ...

  • New stealthy DarkWatchman malware hides in the Windows Registry

    December 19, 2021

    A new malware named ‘DarkWatchman’ has emerged in the cybercrime underground, and it’s a lightweight and highly-capable JavaScript RAT (Remote Access Trojan) paired with a C# keylogger. According to a technical report by researchers at Prevailion, the novel RAT is employed by Russian-speaking actors who target mainly Russian organizations. The first signs of DarkWatchman’s existence appeared in ...

  • Russian hackers leak confidential UK police data on the ‘dark web’ after their ransom was rejected

    December 19, 2021

    Confidential information held by some of Britain’s police forces has been stolen by Russian hackers in an embarrassing security breach, The Mail on Sunday can reveal. The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called ‘dark web’ ...

  • Conti Ransomware Gang: An Overview

    December 18, 2021

    Conti ransomware stands out as one of the most ruthless of the dozens of ransomware gangs that we follow. The group has spent more than a year attacking organizations where IT outages can have life-threatening consequences: hospitals, 911 dispatch carriers, emergency medical services and law enforcement agencies. Ireland has yet to recover from an attack ...

  • Over Log4j? VMware has another critical flaw for you to patch

    December 17, 2021

    VMware customers have probably had a busy week because more than 100 of the IT giant’s products are impacted by the Log4j bug. Now they need to make another urgent patching effort, because the virty giant has identified another critical flaw in its products that it rates as requiring urgent attention. Security advisory VMSA-2021-0029, which pertains CVE-2021-22054, ...