New LockBit 5.0 Targets Windows, Linux, ESXi
LockBit 5.0 represents a significant evolution of the LockBit ransomware family, now targeting Windows, Linux, and VMware ESXi environments with a unified codebase. This research details its heavy obfuscation techniques, including string encryption and API hashing; anti-analysis measures that detect sandboxes and debuggers; and geopolitical safeguards that skip CIS-region systems. The article covers the full kill chain from initial access through lateral movement to encryption, with comparative analysis against previous LockBit versions.
Related Research
Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques
Discovered Agenda ransomware deploying Linux variants on Windows systems via remote management tools and BYOVD techniques for cross-platform evasion.
Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal
Uncovered Agenda ransomware group adopting SmokeLoader and a new loader named NETXLOADER for improved delivery and evasion.
Play Ransomware's First Linux Variant Targets ESXi
Thread announcing the discovery of a new Linux variant of Play ransomware targeting ESXi environments, marking an expansion in the group's range and impact.
Agenda Ransomware Exploits MeshAgent and WSL for Cross-Platform Attacks
Thread on Agenda ransomware exploiting MeshAgent and Windows Subsystem for Linux (WSL) to deploy Linux payloads on Windows systems, raising the bar for cross-platform sophistication.