Hello, have you heard of LockBit 5.0 ransomware? I just finished reading the latest CYFIRMA report and the latest version is very concerning. It is expected to gain traction on hacker forums, so you definitely should know what it does.
So, what exactly is LockBit 5.0?
LockBit 5.0 is a new kind of ransomware: a program that locks your files and demands payment to unlock them. Here are some specifics from the report:
- It appends a random 16-character extension to files that it locks.
- There will be a ransom note titled 'ReadMeForDecrypt.txt'. The note states that to decrypt your data you must pay, or your data will be made available online for viewing.
- It states not to touch the files or contact the police, which is scary.
- It blocks Windows logs, so it cannot be seen via IT logs.
- It avoids running on computers in Russia.
- It can run on Windows, Linux, and virtual servers (ESXi).
- It has a clean interface to make it easy for other criminals to use.
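
A read-only triage sketch for the file-system traces listed above: the 'ReadMeForDecrypt.txt' note and the 16-character appended extension. It is an added example, not code from the CYFIRMA report or this post; the alphanumeric character set, the `min_hits` threshold, and the sample paths are assumptions.

```python
import os
import re
from collections import defaultdict
from pathlib import PurePath

NOTE_NAME = "readmefordecrypt.txt"  # ransom note name given in the report
# Assumption: the extension is alphanumeric; the page only states its length (16).
RANDOM_EXT = re.compile(r"\.[A-Za-z0-9]{16}$")

def triage(paths, min_hits=3):
    """Group file paths by directory and flag directories that hold the ransom
    note or at least `min_hits` files ending in a 16-character extension."""
    stats = defaultdict(lambda: {"note": False, "ext_hits": 0, "extensions": set()})
    for p in paths:
        path = PurePath(p)
        entry = stats[str(path.parent)]
        match = RANDOM_EXT.search(path.name)
        if path.name.lower() == NOTE_NAME:
            entry["note"] = True
        elif match:
            entry["ext_hits"] += 1
            entry["extensions"].add(match.group(0))
    findings = {}
    for directory, e in stats.items():
        if e["note"] or e["ext_hits"] >= min_hits:
            # Note plus renamed files is the strongest signal; either alone needs review,
            # since legitimate cache or hash-named files can also have long extensions.
            level = "high" if e["note"] and e["ext_hits"] else "review"
            findings[directory] = {**e, "level": level}
    return findings

def walk(root):
    """Yield every file path under `root` (names only; no file is opened)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)

# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    "/srv/share/finance/ReadMeForDecrypt.txt",
    "/srv/share/finance/q3.xlsx.a1B2c3D4e5F6g7H8",
    "/srv/share/finance/payroll.csv.a1B2c3D4e5F6g7H8",
    "/srv/share/hr/handbook.pdf",
    "/srv/share/build/cache.0123456789abcdef",
]

if __name__ == "__main__":
    for directory, info in sorted(triage(SAMPLE).items()):
        print(directory, info["level"], info["ext_hits"], sorted(info["extensions"]))
```

To check a real share, pass `walk("/path/to/share")` to `triage` instead of `SAMPLE`.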
Who’s in jeopardy?
LockBit 5.0 targets a number of places:
• Countries such as China, U.S., Taiwan, Brazil, and Turkey
• Industries like manufacturing, IT, finance, government, consumer services
It can travel across USB drives, so even minor errors can be hazardous.
If you operate virtual servers, this particular ransomware can jam numerous systems at the same time, making it especially concerning for businesses.
Why it’s different
According to experts, this is why LockBit 5.0 is different:
• Random file names make it hard to detect by antivirus software.
• Blocks Windows logs, hiding its activity.
• Functions on all platforms, including virtual servers.
• Easy for other hacktivists to use, so it can spread faster.
In short, we would consider this an upgraded ransomware.
Ways to protect yourself
To ensure your own safety, implement the following recommendations:
1. Back your data up offline, then test the backups.
2. Use some sort of security software that watches for abnormal behavior.
3. Separate your various networks to limit the damage.
4. Watch for suspicious activity, like blocked logs.
5. Be sure to protect your virtual servers (especially ESXi).
The LockBit 5.0 claims come from hacker forums, and CYFIRMA has conveyed that this situation is critical but not yet entirely substantiated.