The cybercriminal group known as LockBit has released an improved 5.0 version of its ransomware (LockBit 5.0), which is “significantly more dangerous,” warns Trend Micro. The malware now attacks Windows, Linux, and VMware ESXi environments simultaneously.
Thanks to new obfuscation techniques, such as DLL reflection on Windows and aggressive packing, LockBit 5.0 evades known security solutions. The Linux version lets attackers target specific directories and file types from the command line. On VMware ESXi, the malware encrypts virtual machines, which can paralyze entire infrastructures. A random 16-digit file extension makes it difficult to recover encrypted data.
Trend Micro explains:
“The existence of Windows, Linux, and ESXi variants confirms LockBit’s continued cross-platform strategy, enabling simultaneous attacks across entire enterprise networks including virtualized environments. Heavy obfuscation and technical improvements across all variants make LockBit 5.0 significantly more dangerous than its predecessors.”
With LockBit pursuing a cross-platform ransomware strategy, the modular architecture and covert encryption routines now threaten workstations, servers, and hypervisors (virtual machine monitors) alike. “No operating system or platform can be considered safe from modern ransomware campaigns,” emphasizes Trend Micro.
Despite Operation Cronos, which took place in 2024 and saw authorities from 10 countries confiscate LockBit servers and keys, LockBit continues to show resilience. All three variants of LockBit are still active, which makes the group one of the most dangerous right now.
Companies should take comprehensive measures to guard against ransomware, including regular data backups, endpoint security, and special protection of virtualization infrastructures. Ransomware damage could involve everything from data loss to critical system shutdowns.
This article originally appeared on our sister publication PC-WELT and was translated and localized from German.
Author: René Resch, Contributor, PCWorld
René has been part of the Foundry team in Germany since 2013. He initially began his career in the development team. He then worked as a trainee and freelancer in the area of portal management. He has been working as a freelance author since 2017. He is particularly interested in topics such as tech trends, games and PCs.