LockBit ransomware returns with a vengeance, affecting multiple OSes

The cybercriminal group known as Lockbit published an improved 5.0 version of its ransomware (Lockbit 5.0), which is “much more dangerous”, warns Trend Micro. Malware is now simultaneously attacks Windows, Linux and VMware ESXi environments.

Thanks to new obscure techniques, such as DLL reflection in Windows and aggressive packaging, Lockbit 5.0 evokes known safety solutions. The Linux version allows specific attacks on directories and file types via command lines. With VMware Esxi, malware is the virtual machines, which can paralyze entire infrastructure. A 16 -digit random file extension makes it difficult to recover encrypted data.

Trend micro explains:

The existence of Windows, Linux and ESXi variants confirms the continuous multiplatform strategy of Lockbit, allowing simultaneous attacks on whole business networks, including virtualized environments. Intensive darkness and technical improvements to all variants make Lockbit 5.0 much more dangerous than its predecessors.

With Lockbit pursuing a multi -platform ransomware strategy, modular architecture and secret encryption routines now threaten workstations, servers and hypervisors (virtual machine monitors). “No operating system or platform can be considered as sheltered from modern ransomware campaigns,” said Trend Micro.

Despite the Cronos operation, which took place in 2024 and saw the authorities of 10 countries confiscate the servers and the keys of Lockbit, Lockbit continues to show resilience. The three variants of lockbit are always active, which makes the group one of the most dangerous at the moment.

Companies should take full measures to protect themselves against ransomware, including regular data backups, final points security and special protection of virtualization infrastructure. Ransomware damage could involve everything from data loss to critical stops in the system.

Read more in -depth: How to activate Windows Ransomware protection