LockBit malware is back – and nastier than ever, experts claim

By Sead Fadilpašić

29 September 2025

New LockBit version comes with cross-platform capabilities

LockBit 5.0 targets Windows, Linux, and ESXi with advanced obfuscation and anti-analysis techniques
Builds on LockBit 4.0, adding stealth features like DLL reflection and dynamic API resolution
Found active in the wild, but no confirmed victim details or campaign success disclosed yet

The notorious LockBit malware is back, and is more dangerous than ever before, experts have warned.

Security researchers from Trend Micro recently published an in-depth technical analysis of the latest iteration of the LockBit ransomware family, discovered in September 2025, as LockBit celebrated its sixth anniversary by releasing the newest iteration of its encryptor.
Called LockBit 5.0, the new variant focuses on multiple platforms, comes with technical improvements across the board, and features heavy obfuscation techniques, making it “significantly more dangerous than its predecessors”.

SEO poisoning and malvertising
The researchers said LockBit 5.0 builds on the previous version 4.0, so it’s not built from scratch. That being said, it now comes with major improvements, including the ability to target Windows, Linux, and VMware ESXi systems. It also employs heavy obfuscation and anti-analysis techniques, mostly by loading its payload via DLL reflection and disabling Windows Event Tracing by patching the EtwEventWrite API.

It also resolves Windows API calls dynamically at runtime, making static analysis more difficult, and terminates security services using hashed comparisons against a hardcoded list. Also, unlike earlier versions, this one doesn’t leave a registry-based infection marker. The ransomware appends randomized 16-character file extensions to encrypted files, and embeds original file sizes in encrypted footers, among other things. As before, it avoids encrypting Russian-language systems.
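
A defender can hunt for the file-extension behaviour described above in file-rename telemetry. The following is an added example, not code from Trend Micro or the article: it flags any process that appends a 16-character extension to many files in a short window. The event tuple layout, thresholds, sample paths and the alphanumeric character set are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Assumption: the appended extension is 16 alphanumeric characters; the article
# states only the length, not the character set.
EXT_RE = re.compile(r"\.([A-Za-z0-9]{16})")

_TOKEN = "a1B2c3D4e5F6g7H8"  # constructed 16-character value, not a real IoC

# Constructed rename telemetry: (epoch_seconds, pid, old_path, new_path)
SAMPLE_EVENTS = [
    (1000 + i, 4312, f"/srv/share/doc{i}.xlsx", f"/srv/share/doc{i}.xlsx.{_TOKEN}")
    for i in range(6)
] + [
    (1002, 880, "/home/a/report.docx", "/home/a/report.docx.bak"),
    (1003, 900, "/tmp/cache", "/tmp/cache.0123456789abcdef"),
    (5000, 900, "/tmp/cache2", "/tmp/cache2.0123456789abcdef"),
]


def appended_extension(old_path, new_path):
    """Return the 16-char token if new_path is old_path + '.<token>', else None."""
    if not new_path.startswith(old_path):
        return None
    m = EXT_RE.fullmatch(new_path[len(old_path):])
    return m.group(1) if m else None


def flag_processes(events, threshold=5, window=60):
    """Map pid -> peak count of matching renames inside any `window` seconds,
    for pids whose peak reaches `threshold`."""
    hits = defaultdict(list)
    for ts, pid, old, new in events:
        if appended_extension(old, new):
            hits[pid].append(ts)
    flagged = {}
    for pid, times in hits.items():
        times.sort()
        start = best = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[pid] = best
    return flagged


if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS))
```

The rule counts renames rather than distinct extensions because the article does not say whether the randomized value differs per file or per run.
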
The encryptor was found in the wild, suggesting that LockBit is actively using it in attacks. However, there was no talk of victims, their identities, or the success of the campaign.
In early 2024, law enforcement launched Operation Cronos, aimed at disrupting what was, at the time, one of the most destructive Ransomware-as-a-Service (RaaS) threats out there – LockBit.

While the operation was a success for the most part, no arrests were made, which meant the group went straight back to rebuilding what was lost.
Via The Register
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
