Tag: lockbit
-
Meet LockBit 5.0: Faster ESXi drive encryption, better at evading detection
The Windows binary uses heavy obfuscation and packing: it loads its payload through DLL reflection while implementing anti-analysis techniques like Event Tracing for Windows (ETW) patching and terminating security services; the Linux variant maintains similar functionality with command-line options for targeting specific directories and file types; the ESXi variant specifically targets VMware virtualization environments, and is designed…
-
LockBit’s new variant is ‘most dangerous yet,’ hitting Windows, Linux and VMware ESXi
Operation Cronos didn’t kill LockBit, it just came back meaner. First seen on theregister.com Jump to article: www.theregister.com/2025/09/26/lockbits_new_variant_is_most/
-
New LockBit Ransomware Variant Emerges as Most Dangerous Yet
Trend Micro highlighted the new LockBit version’s technical improvements and cross-platform functionality compared to previous iterations. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/lockbit-ransomware-most-dangerous/
-
LockBit 5.0 Ransomware Targets Windows, Linux, and VMware ESXi Systems
Cybersecurity researchers at Trend Micro have discovered a new and dangerous variant of LockBit ransomware that targets Windows, Linux, and VMware ESXi systems, utilizing advanced obfuscation techniques and sophisticated cross-platform capabilities. Advanced Multi-Platform Attack Strategy: LockBit 5.0 represents a significant evolution in ransomware threats, featuring dedicated variants for three critical computing platforms. All variants share…
-
Fake Ukrainian Police Emails Spread New CountLoader Malware Loader
A new malware loader, CountLoader, has been discovered by cybersecurity firm Silent Push. This threat is linked to prominent Russian ransomware gangs, including LockBit, BlackBasta, and Qilin, and is being used as an initial access broker. First seen on hackread.com Jump to article: hackread.com/fake-ukrainian-police-emails-countloader-malware-loader/
-
CountLoader Broadens Russian Ransomware Operations With Multi-Version Malware Loader
Cybersecurity researchers have discovered a new malware loader codenamed CountLoader that has been put to use by Russian ransomware gangs to deliver post-exploitation tools like Cobalt Strike and AdaptixC2, and a remote access trojan known as PureHVNC RAT. “CountLoader is being used either as part of an Initial Access Broker’s (IAB) toolset or by a ransomware…
-
Lockbit Linux ESXi Ransomware Variant Reveals Evasion Techniques and File Encryption Process
A recent reverse engineering analysis of a LockBit ransomware variant targeting Linux-based ESXi servers has uncovered several sophisticated evasion techniques and operational details. The malware, first documented in 2022, employs the ptrace system call to detect debugging environments by attempting to attach to its parent process. If this fails, typically due to an existing tracer…
-
What the LockBit 4.0 Leak Reveals About RaaS Groups
The leak serves as a wake-up call: Being prepared is the cornerstone of a successful defense, and those who don’t prepare are going to face uncertainty caused by the lack of attackers’ accountability. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/what-lockbit-leak-reveals-raas-groups
-
9 things CISOs need to know about the dark web
Tags: 2fa, access, ai, attack, automation, backup, blockchain, botnet, breach, captcha, ceo, ciso, communications, corporate, credentials, crypto, cyber, cybercrime, cybersecurity, dark-web, data, data-breach, ddos, deep-fake, defense, detection, dns, exploit, extortion, finance, fraud, group, guide, hacking, identity, incident, incident response, infrastructure, intelligence, international, jobs, law, leak, lockbit, malicious, malware, marketplace, mfa, monitoring, network, open-source, phishing, privacy, ransomware, resilience, risk, russia, saas, scam, service, strategy, tactics, technology, threat, tool, training, vpn, vulnerability, zero-day
New groups form after major marketplaces are disrupted: International takedown efforts damage infrastructure and curb cybercrime operations by disrupting larger operations, removing major players from the ecosystem and scattering user bases. However, the dark web is highly adaptive and sophisticated actors often maintain contingency plans, including mirrors, backups, and alternative forums, according to Edward Currie, associate…
-
Check Point investigates attacks combining multiple ransomware strains
It was found that several types of ransomware were deployed simultaneously in these attacks. One of them is the regular LockBit Black; the second uses the extension .x2anylock. This extension was later used by the operator of the Warlock ransomware, who is mentioned in Microsoft's report on the SharePoint vulnerability. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-untersucht-angriffe-durch-kombination-aus-mehreren-ransomwares/a41654/
-
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
The threat actors behind the SocGholish malware have been observed leveraging Traffic Distribution Systems (TDSs) like Parrot TDS and Keitaro TDS to filter and redirect unsuspecting users to sketchy content. “The core of their operation is a sophisticated Malware-as-a-Service (MaaS) model, where infected systems are sold as initial access points to other cybercriminal organizations,” Silent Push…
-
ShadowSyndicate Infrastructure Used by Multiple Ransomware Groups Including Cl0p, LockBit and RansomHub
Cybersecurity researchers have uncovered significant overlaps between the attack infrastructure of ShadowSyndicate, also known as Infra Storm by Group-IB, and several prominent ransomware-as-a-service (RaaS) operations. Active since July 2022, ShadowSyndicate has been linked to high-profile RaaS brands such as AlphaV/BlackCat, LockBit, Play, Royal, Cl0p, Cactus, and RansomHub. The group, speculated to function more as a…
-
LockBit Operators Use Stealthy DLL Sideloading to Mask Malicious App as Legitimate One
Operators of LockBit ransomware have improved their tactics, methods, and procedures (TTPs) to avoid detection and increase damage in the always changing world of cyberthreats. By exploiting DLL sideloading and masquerading, these attackers disguise malicious activities within legitimate system processes, enabling persistence and seamless integration into compromised environments. DLL sideloading tricks trusted applications into loading…
-
Ransomware report: Extortion attempts are becoming more targeted and ransom negotiations more aggressive
Check Point Research (CPR), the security research division of Check Point Software Technologies, has published its ransomware report for the second quarter of 2025. Highlights of the report include: Large ransomware-as-a-service (RaaS) groups, such as LockBit and RansomHub, collapsed, which has led to a fragmentation of the criminal ecosystem, which nevertheless remains very active. The group around the ransomware…
-
Storm-2603 Deploys DNS-Controlled Backdoor in Warlock and LockBit Ransomware Attacks
The threat actor linked to the exploitation of the recently disclosed security flaws in Microsoft SharePoint Server is using a bespoke command-and-control (C2) framework called AK47 C2 (also spelled ak47c2) in its operations. The framework includes at least two different types of clients, HTTP-based and Domain Name System (DNS)-based, which have been dubbed AK47HTTP and AK47DNS,…
-
Ransomware gangs capitalize on law enforcement takedowns of competitors
After authorities dismantled LockBit and RansomHub, other groups rushed in to snatch up their affiliates, according to a new report that highlights a cybercrime ecosystem in flux. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ransomware-groups-competition-check-point-report/756451/
-
Ransomware up 179%, credential theft up 800%: 2025’s cyber onslaught intensifies
Exploits multiply as defenders play catch-up: Vulnerability disclosure rose by 246%, and publicly available exploits increased by 179%, with over 20000 vulnerabilities disclosed in the first half of 2025, 35% of which already have exploit code. A backlog of 42000 vulnerabilities awaiting NVD analysis and delays in CVE enrichment leave organizations blind to many critical flaws, the…
-
Cybercriminals give Ingram Micro an ultimatum
Tags: attack, breach, cyberattack, data, group, intelligence, leak, lockbit, ransomware, service, technology, threat
Ransomware gangsters are extorting Ingram Micro. In early July 2025 it became known that the IT service provider Ingram Micro had been hit by a ransomware attack. This also led to an outage of its IT systems lasting several days. The systems are now largely running again, but the greatest damage may still be to come. That is because the ransomware gang Safepay has since claimed responsibility for the attack and Ingram Micro…
-
How defenders use the dark web
Tags: access, antivirus, attack, breach, corporate, credit-card, crypto, cyber, cybercrime, dark-web, data, data-breach, email, extortion, finance, fraud, government, group, hacker, healthcare, identity, incident, insurance, intelligence, Internet, interpol, law, leak, lockbit, mail, malware, monitoring, network, phishing, ransom, ransomware, service, software, theft, threat, tool, usa, vpn
Attributing attacks to threat actors: When organizations suffer from data breaches and cyber incidents, the dark web becomes a crucial tool for defenders, including the impacted businesses, their legal teams, and negotiators. Threat actors such as ransomware groups often attack organizations to encrypt and steal their data so they can extort them for money, in exchange…
-
Ransomware Attacks Spike Despite Gang Closure
New research from Comparitech revealed that in the first half of 2025, 3,627 ransomware attacks were reported and logged. This is a 47% increase since the first half of 2024, which is highly concerning for major organisations due to the frequency of these attacks. However, popular ransomware groups, like Hunters International and LockBit, have closed…
-
LockBit’s New Reality Is Out of Control Affiliates
May Database Leak Shows Ransomware Group Taking New Chances. Affiliates of beleaguered ransomware-as-a-service operation LockBit have turned toward Chinese targets, finds an analysis of a May leak of the group’s admin panel. LockBit affiliates targeted 156 organizations during that time, the majority of them located in China. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/lockbits-new-reality-out-control-affiliates-a-28666
-
LockBit panel data leak shows Chinese orgs among the most targeted
The LockBit ransomware-as-a-service (RaaS) operation has netted around $2.3 million USD within 5 months, the data leak stemming from the May 2025 hack of a LockBit affiliate … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/12/lockbit-data-leak-targets-ransoms/
-
LockBit 3.0 leveraged in novel DarkGaboon attacks against Russia
First seen on scworld.com Jump to article: www.scworld.com/brief/lockbit-3-0-leveraged-in-novel-darkgaboon-attacks-against-russia
-
New hacker group uses LockBit ransomware variant to target Russian companies
In its latest campaign this spring, DarkGaboon was observed deploying LockBit 3.0 ransomware against victims in Russia, Positive Technologies said in a report last week. First seen on therecord.media Jump to article: therecord.media/new-hacker-group-lockbit-target-russia
-
LockBit Crackdown Fragmented Russian Cybercrime Groups
Onslaught Also Paved Way for Rise of English-Speaking Hackers. An international law enforcement crackdown on the LockBit ransomware group caused fragmentation and distrust among Russian-speaking cybercrime groups, paving the way for English-speaking hacking groups to gain prominence, experts said Tuesday during a London conference. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/lockbit-crackdown-fragmented-russian-cybercrime-groups-a-28585
-
DragonForce unleashes the power struggle in the cyber underground
After the fall of LockBit, new attacker groups are fighting for dominance in the ransomware “business”. In doing so, they do not shy away from attacking their competitors either. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/cybersecurity/dragonforce-entfesselt-den-machtkampf-im-cyber-untergrund/

