New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Ransomware attack halts production at IoT maker Sierra Wireless

    March 23, 2021

    A multinational manufacturer of Internet of Things (IoT) devices has halted production after falling victim to a ransomware attack. Canadian IoT maker Sierra Wireless says it suffered a ransomware attack against its internal IT systems on March 20, which has led to production being halted at its manufacturing sites. Internal operations have also been disrupted by ...

  • Ransomware gang leaks data stolen from Colorado, Miami universities

    March 23, 2021

    Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group. Starting in December, threat actors affiliated with the Clop ransomware operation began targeting Accellion FTA servers and stealing the data stored on them. Companies use these servers to share ...

  • Energy Giant Shell Is Latest Victim of Accellion Attacks

    March 23, 2021

    Energy giant Royal Dutch Shell is the latest victim of a series of attacks on users of the Accellion legacy File Transfer Appliance (FTA) product, which already has affected numerous companies and been attributed to the FIN11 and the Clop ransomware gang. “Shell has been impacted by a data-security incident involving Accellion’s File Transfer Appliance,” the ...

  • Purple Fox malware worms its way into exposed Windows systems

    March 23, 2021

    Purple Fox, a malware previously distributed via exploit kits and phishing emails, has now added a worm module that allows it to scan for and infect Windows systems reachable over the Internet in ongoing attacks. The malware comes with rootkit and backdoor capabilities, was first spotted in 2018 after infecting at least 30,000 devices, and is ...

  • Office 365 Cyberattack Lands Disgruntled IT Contractor in Jail

    March 23, 2021

    A former IT contractor has been sentenced to two years in prison after hacking into a company’s server and deleting the majority of its employees’ Microsoft Office 365 (O365) accounts. The incident resulted in the company completely shutting down for two days. The 32-year-old contractor, Deepanshu Kher, was initially employed by an unnamed IT consulting firm ...

  • UK colleges and unis urged to prepare for ransomware before it’s too late

    March 23, 2021

    Britain’s National Cyber Security Centre (NCSC) has urged universities, schools, and colleges to be vigilant following an increase in ransomware attacks targeting educational institutions. “While operational details cannot be disclosed, the NCSC has dealt with a significant increase in the number of attacks since late February, when establishments were preparing to welcome students back to the ...