New LockBit 5.0 Targets Windows, Linux, ESXi


Trend™ Research has identified and analyzed the source binaries of a new LockBit version in the wild, which is the latest from the group’s activities following the February 2024 law enforcement operation (Operation Cronos) that disrupted their infrastructure.

In early September, the LockBit ransomware group reportedly resurfaced for their sixth anniversary, announcing the release of “LockBit 5.0”. Trend Research discovered a binary available in the wild and began analysis that initially discovered a Windows variant and confirmed the existence of Linux and ESXi variants of LockBit 5.0. This latest news continues the group’s established cross-platform strategy seen since LockBit 2.0 in 2021.

Read more…
Source: Trend Micro


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Povlsomware PoC Ransomware Features Cobalt Strike Compatibility

    March 1, 2021

    Povlsomware (Ransom.MSIL.POVLSOM.THBAOBA) is a proof-of-concept (POC) ransomware first released in November 2020 which, according to their Github page, is used to “securely” test the ransomware protection capabilities of security vendor products. Povlsomware has not garnered much attention at the moment, being talked about in only a few sites — however, it has some interesting characteristics, ...

  • World’s leading dairy group Lactalis hit by cyberattack

    March 1, 2021

    Lactalis, the world’s leading dairy group, has disclosed a cyberattack after unknown threat actors have breached some of the company’s systems. Lactalis (short for Lactalis Group) has 85,000 employees in 51 countries, and it exports dairy products to over 100 countries around the world. The dairy group controls multiple leading international brands, including Président, Galbani, Lactel, Santal, ...

  • Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall

    March 1, 2021

    Germany-based cybersecurity company Genua has fast-tracked a fix for a critical flaw in one of its firewall products. If exploited, the vulnerability could allow local attackers to bypass authentication measures and log in to internal company networks with the highest level of privileges. Genua says it offers more than 20 security solutions for encrypting data communication ...

  • Hackers use black hat SEO to push ransomware, trojans via Google

    March 1, 2021

    The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. Apart from increasing the number of payloads, Gootloader has been seen distributing them across ...

  • Bad bots are on the attack, and your defence plan is probably wrong

    March 1, 2021

    Google is warning that bots are causing more problems for business — but many companies are only focused on the most obvious attacks. At the outset of the COVID-19 pandemic Microsoft chief Satya Nadella said Microsoft had seen “two years’ worth of digital transformation in two months.” Google now sees that attackers have adapted to these ...

  • Universal Health Services lost $67 million due to Ryuk ransomware attack

    March 1, 2021

    Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million. UHS, a Fortune 500 hospital and healthcare services provider, has over 90,000 employees who provide services to roughly 3.5 million patients each year in more than 400 US and UK healthcare facilities. UHS said last ...