LockBit's new variant is 'most dangerous yet'
"The Windows variant now loads payloads via DLL reflection and employs aggressive anti-analysis packing; the Linux variant accepts command-line directives to tailor which directories and file types to hit; and the ESXi version is built to seize virtualization infrastructure by encrypting VMs. What's more, each encrypted file is stamped with a random 16-character extension, a move designed to make restoring your data even more of a nightmare."
"This is no incremental upgrade. Trend Micro warns that the combination of modular architecture, stealthy encryption routines and multi-OS targeting gives LockBit 5.0 the potential to paralyse entire enterprise stacks, from endpoints to hypervisor hosts."
"Trend Micro has sounded the alarm over the new LockBit 5.0 ransomware strain, which it warns is "significantly more dangerous" than past versions due to its newfound ability to simultaneously target Windows, Linux, and VMware ESXi environments. LockBit's revival, as seen in version 5.0, follows a dramatic law enforcement takedown earlier this year. In February, authorities in the UK and the US launched "Operation Cronos," seizing servers, domain infrastructure, and decryption keys in an effort to dismantle the group."
LockBit 5.0 introduces cross-platform ransomware capable of simultaneously targeting Windows, Linux, and VMware ESXi environments. The new iteration features dramatically enhanced evasion, obfuscation, and modular architecture that enable stealthier operations and more flexible payload deployment. The Windows variant loads payloads via DLL reflection and uses aggressive anti-analysis packing. The Linux variant accepts command-line directives to specify target directories and file types. The ESXi variant can encrypt virtual machines and seize virtualization infrastructure. Each encrypted file is given a random 16-character extension to complicate recovery and increase the difficulty of remediation across enterprise stacks.
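The random 16-character extension described above gives defenders a file-system signal to watch for. The following is an added detection sketch, not code from Trend Micro or The Register: it flags a burst of files that each gain a different 16-character final extension within a short window. The alphanumeric character set, the function names, the thresholds and the sample events are all assumptions constructed for illustration.

```python
import re
from collections import deque

# Assumption: the page says only "random 16-character extension"; the
# alphanumeric character set matched here is a guess for illustration.
EXT_RE = re.compile(r"\.([A-Za-z0-9]{16})\Z")

def random_ext(path):
    """Return the 16-character final extension of path, or None."""
    m = EXT_RE.search(path)
    return m.group(1) if m else None

def detect_bursts(events, window_s=60, threshold=5):
    """events: (epoch_seconds, path) file create/rename records, sorted by time.

    Returns (first_ts, last_ts, distinct_count) for each moment the number of
    pairwise-distinct 16-character extensions seen within window_s seconds
    first reaches threshold. Distinctness is the point: a legitimate tool
    reuses one extension, per-file random suffixes do not repeat.
    """
    recent = deque()   # (timestamp, extension) pairs still inside the window
    alerts = []
    alerting = False
    for ts, path in events:
        ext = random_ext(path)
        if ext is None:
            continue
        recent.append((ts, ext))
        while recent and ts - recent[0][0] > window_s:
            recent.popleft()
        distinct = len({e for _, e in recent})
        if distinct >= threshold and not alerting:
            alerts.append((recent[0][0], ts, distinct))
        alerting = distinct >= threshold
    return alerts

# Constructed sample events (not taken from any real incident).
SAMPLE = [
    (1000, "/srv/share/q3.xlsx"),
    (1001, "/srv/share/q3.xlsx.k3Jd82LmQp0ZxT7a"),
    (1002, "/srv/share/plan.docx.Zz91mNb4Tq8LwE2r"),
    (1003, "/srv/share/db.bak.p0O9i8U7y6T5r4E3"),
    (1004, "/srv/share/vm.vmdk.aB3dE6gH9jK2mN5p"),
    (1005, "/srv/share/notes.txt.Q1w2E3r4T5y6U7i8"),
    (4000, "/srv/build/lib.so.abcdef0123456789"),  # lone match, no burst
]

if __name__ == "__main__":
    print(detect_bursts(SAMPLE))
```

A single file with a 16-character suffix does not alert; only a cluster of distinct suffixes does, which keeps the heuristic quiet on hash-named build artifacts.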
Read at The Register