Lockbit is the notorious ransomware gang responsible for running one of the world’s most dangerous ransomware-a-a-service (raas) platforms. Now, Lockbit has reportedly Returned with Lockbit 5.0, a new variant of the group’s ransomware that’s alredy in active use.
In Early 2024, A Task Force of Law Enforcement Agencies Conducted Operation Cronos, which Took Down Several Big Pies of Infrastructure from the proliotic ransomware Group. As an raas provider, the group sold tools and software that affiliates unwhelmed use for their own hacking operations. It was seen as a major victory at the time. Well over a year later, it seems lockbit is back and, according to a Technical analysis By Trend Micro, that isn’t good news.
In early September, lockbit announced a new version of its raansomware software, lockbit 5.0. Since then, Trend Micro Researchers has been looking for examples of lockbit 5.0 being used in the wild, so to spend. Not only was the company alle to find examples on Windows, Linux, and ESXI (Virtual Machines), but its analysis of lockbit version 5.0 showed that it’s the most advanced raansed ransomware Yet.
Mashable light speed
Per Trend Micro, Version 5.0 Shares Some Common Elements with Version 4.0, meaning it’s an evolution rather than an entrely new paper of ransomware. The new version adds Horrible Features Like a Dll Reflection (The Ability to Load a Dll from Memory), a less new anti-analysis techniques, and —- for the lineux Variant to Use the Ability to use themand line to Target Specific Directories and File Types. All versions also add a random 16-bit string to make getting your data back that much harder.
Once the ransomware takes control of your computer, items to behave the same way that Prior lockbit versions did, where you get a raansom note in a text file with instructs on your own to go to go to go to go to go to go to go to go to go. There is also the option to “chat with support” to negotiate the raansom.
In addition to the technical details, it’s Been Reported That lockbit’s affiliate incentive model has been refreshed, Giving bad actors even more inconative to use the software. Reportedly, the refresh was meant to recruit people back to lockbit after the service disruption caused by operation cronos last year.
With lockbit back in action, it joins a New generation of ai-powerred ransomware That hit the market in late summer 2025, also know as promptlock. So, if you haven’t been keeping up to speed on the latest cybersecurity threats and scams, no is a great time to refresh your How to be safe on the internet,
Topics
Apps & Software Cybersecurity
