LockBit ransomware returns with a vengeance, affecting multiple OSes

The cybercriminal group LockBit has released a new and improved version of its ransomware, LockBit 5.0, which now targets Windows, Linux, and VMware ESXi environments simultaneously. The malware employs advanced obfuscation techniques, such as DLL reflection and aggressive packing, to evade known security solutions. The Linux version allows targeted attacks on specific directories and file types, while the VMware ESXi variant encrypts virtual machines, potentially paralyzing entire infrastructures. Despite Operation Cronos in 2024, which saw authorities confiscate LockBit servers and keys, the group continues to show resilience, with all three variants still active. This makes LockBit one of the most dangerous ransomware groups currently. Companies are advised to take comprehensive measures, including regular data backups, endpoint security, and special protection for virtualization infrastructures, to guard against the potentially devastating consequences of ransomware attacks.