LockBit malware is back - and nastier than ever, experts claim
Date:
Mon, 29 Sep 2025 14:31:00 +0000
Description:
New LockBit malware sports cross-platform capabilities and improved obfuscation techniques.
FULL STORY ======================================================================
- LockBit 5.0 targets Windows, Linux, and ESXi with advanced obfuscation and anti-analysis techniques
- Builds on LockBit 4.0, adding stealth features like DLL reflection and dynamic API resolution
- Found active in the wild, but no confirmed victim details or campaign success disclosed yet
The notorious LockBit malware is back, and is more dangerous than ever
before, experts have warned.
Security researchers from Trend Micro recently published an in-depth
technical analysis of the latest iteration of the LockBit ransomware family, discovered in September 2025, as LockBit celebrated its sixth anniversary by releasing the newest iteration of its encryptor.
Called LockBit 5.0, the new variant focuses on multiple platforms, comes with technical improvements across the board, and features heavy obfuscation techniques, making it significantly more dangerous than its predecessors.
The researchers said LockBit 5.0 builds on the previous version 4.0, so it's not built from scratch. That being said, it now comes with major
improvements, including the ability to target Windows, Linux, and VMware ESXi systems. It also employs heavy obfuscation and anti-analysis techniques, mostly by loading its payload via DLL reflection and disabling Windows Event Tracing by patching the EtwEventWrite API.
It also resolves Windows API calls dynamically at runtime, making static analysis more difficult, and terminates security services using hashed comparisons against a hardcoded list. Also, unlike earlier versions, this one doesn't leave a registry-based infection marker. The ransomware appends randomized 16-character file extensions to encrypted files, and embeds original file sizes in encrypted footers, among other things. As before, it avoids encrypting Russian-language systems.
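A defender-side heuristic for the 16-character extension behaviour described above, as an added example that is not from the original article or from Trend Micro's analysis. It assumes the extension is ASCII alphanumeric (the article gives only the length) and that file create/rename telemetry is available as (timestamp, host, path) tuples; the function names, window and threshold are hypothetical, and the sample events are constructed.

```python
import re
from collections import defaultdict, deque

# Assumption: the 16 characters are ASCII letters/digits; the article states only the length.
EXT_RE = re.compile(r"\.([A-Za-z0-9]{16})$")

def random_ext(path):
    """Return the final extension of path if it is exactly 16 alphanumerics, else None."""
    m = EXT_RE.search(path)
    return m.group(1) if m else None

def detect_bursts(events, window_s=60, threshold=5):
    """events: iterable of (epoch_seconds, host, path) for file create/rename.
    Returns {host: time of first alert} for hosts where at least `threshold`
    files gained a 16-character extension within `window_s` seconds.
    A single odd file name is ignored; only a burst on one host alerts."""
    recent = defaultdict(deque)   # host -> timestamps of matching events in window
    alerts = {}
    for ts, host, path in sorted(events):
        if random_ext(path) is None:
            continue
        q = recent[host]
        q.append(ts)
        while q and ts - q[0] > window_s:   # expire events outside the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts

# Constructed sample telemetry (hosts, paths and extensions are made up).
SAMPLE = [
    (1000, "fs01", r"D:\share\q3.xlsx.a1B2c3D4e5F6g7H8"),
    (1002, "fs01", r"D:\share\plan.docx.Zk93mQpL0xT7vRw2"),
    (1003, "fs01", r"D:\share\db.bak.b7Nq2LxV9sT4cY1p"),
    (1004, "fs01", r"D:\share\notes.txt"),
    (1005, "fs01", r"D:\share\hr.pdf.M4tG8hJ2kP6wD0zS"),
    (1009, "fs01", r"D:\share\img.png.r5Ue1Oa3Ic7Xb9Nf"),
    (1000, "ws07", r"C:\tmp\build.0123456789abcdef"),
    (5000, "ws07", r"C:\tmp\cache.fedcba9876543210"),
]

if __name__ == "__main__":
    for host, ts in detect_bursts(SAMPLE).items():
        print(f"ALERT {host}: burst of 16-char extensions at t={ts}")
```

Because this variant reportedly leaves no registry infection marker, a file-system burst signal of this kind is one of the few host artefacts the article's description supports; tune the window and threshold against normal file-server activity.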
The encryptor was found in the wild, suggesting that LockBit is actively
using it in attacks. However, there was no talk of victims, their identities, or the success of the campaign.
In early 2024, law enforcement launched Operation Cronos, aimed at disrupting what was, at the time, one of the most destructive Ransomware-as-a-Service (RaaS) threats out there - LockBit.
While the operation was a success for the most part, no arrests were made, which meant the group went straight back to rebuilding what was lost.
Via The Register
======================================================================
Link to news story:
https://www.techradar.com/pro/security/lockbit-malware-is-back-and-nastier-than-ever-experts-claim
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)