loader image
Red warning screen with bold white text reading "LockBit 5.0", indicating LockBit 5.0 strikes Windows systems.
LockBit 5.0 Strikes Windows, Linux, ESXi Systems

The LockBit ransomware gang has reemerged with LockBit 5.0, a revamped variant that actively targets Windows, Linux, and ESXi platforms. After months of silence following law enforcement’s Operation Cronos, the group’s administrator rebuilt its infrastructure and resumed attacks. LockBit 5.0 strikes Windows systems in particular, with 80% of infections affecting that platform during a wave of attacks in September 2025.

The group compromised at least a dozen organizations across Western Europe, Asia, and the Americas. Half of the attacks used LockBit 5.0, while the rest relied on LockBit Black. LockBitSupp, the group’s administrator, recruited new affiliates through underground forums, requiring a $500 Bitcoin deposit for access. LockBit 5.0 strikes Windows and other systems using faster encryption, random file extensions, and stronger anti-analysis tools to evade detection.

Check Point researchers confirmed that the group’s Ransomware-as-a-Service model is fully operational again.

Read the official article at:

LockBit 5.0 Actively Attacking Windows, Linux, and ESXi Environments

Write a Reply or Comment

Your email address will not be published. Required fields are marked *