New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • When Scammers Get Scammed, They Take It to Cybercrime Court

    December 7, 2021

    Blocked from legitimate courts, cybercriminals have set up their own system for settling disputes, handing over ultimate decision-making to senior underground forum administrators who have awarded claims totaling as much as $20 million. A new report from Analyst1 details activities inside these underground systems and found more than 600 requests for mediation on just one Russian-language ...

  • Canadian indicted for launching ransomware attacks on orgs in US, Canada

    December 7, 2021

    The FBI and Justice Department unsealed indictments today leveling a number of charges against 31-year-old Canadian Matthew Philbert for his alleged involvement in several ransomware attacks. Officials from the Ontario Provincial Police held a press conference on Tuesday to announce the charges and Philbert’s arrest in Ottawa. In a statement, US Attorney Bryan Wilson of the District ...

  • The story of the year: ransomware in the headlines

    December 7, 2021

    In the past twelve months, the word “ransomware” has popped up in countless headlines worldwide across both print and digital publications: The Wall Street Journal, the BBC, the New York Times. It is no longer just being discussed by CISOs and security professionals, but politicians, school administrators, and hospital directors. Words like Babuk and REvil ...

  • Two Birds With One Stone: An Introduction To V8 And JIT Exploitation

    December 7, 2021

    In this special blog series, ZDI Vulnerability Researcher Hossein Lotfi looks at the exploitation of V8 – Google’s open-source high-performance JavaScript and WebAssembly engine – through the lens of a bug used during Pwn2Own Vancouver 2021. The contest submission from Bruno Keith and Niklas Baumstark exploited both Google Chrome and Microsoft Edge (Chromium) with the ...

  • State of Cybersecurity in Germany in 2021

    December 7, 2021

    According to Germany’s Federal Office for Information Security (BSI), the country faces a grave and growing threat as society becomes more digitally connected and criminals more sophisticated. The BSI said threat levels have reached red alarm levels. Threat level increased BSI published their annual report “The State of IT Security in Germany in 2021.” It highlights that ...

  • Emotet now drops Cobalt Strike, fast forwards ransomware attacks

    December 7, 2021

    In a concerning development, the notorious Emotet malware now installs Cobalt Strike beacons directly, giving immediate network access to threat actors and making ransomware attacks imminent. Emotet is a malware infection that spreads through spam emails containing malicious Word or Excel documents. These documents utilize macros to download and install the Emotet Trojan on a victim’s ...