""Announced shortly after LockBit's return, the collaboration is expected to facilitate the sharing of techniques, resources, and infrastructure, strengthening each group's operational capabilities," the company noted in its ransomware report for Q3 2025. "This alliance could help restore LockBit's reputation among affiliates following last year's takedown, potentially triggering a surge in attacks on critical infrastructure and expanding the threat to sectors previously considered low risk.""
"The partnership with Qilin is no surprise, given that it has become the most active ransomware group in recent months, claiming a little over 200 victims in Q3 2025 alone. "In Q3 2025, Qilin disproportionately targeted North America-based organizations," ZeroFox said in its Q3 2025 Ransomware Wrap-Up report. "Qilin's operational tempo began to increase significantly in Q4 2024, when the collective conducted at least 46 attacks." The development coincides with the emergence of LockBit 5.0, which is equipped to target Windows, Linux, and ESXi systems."
DragonForce, LockBit, and Qilin formed a strategic ransomware alliance to share techniques, resources, and infrastructure, enhancing operational capabilities. The coalition aims to rebuild LockBit's affiliate trust after a major 2024 takedown and could trigger a surge in attacks on critical infrastructure and expand threats to sectors previously considered low risk. Qilin became the most active group in recent months, claiming a little over 200 victims in Q3 2025 and disproportionately targeting North America after an operational tempo increase beginning in Q4 2024. LockBit 5.0 emerged on September 3, 2025 with Windows, Linux, and ESXi targeting. LockBit previously targeted over 2,500 victims and received more than $500 million in ransom payments.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]