LockBit 5.0 ransomware iteration advertised for Windows, Linux, and ESXi
Malware Activity
Summary
Hide ▲
Show ▼
The LockBit 5.0 ransomware iteration was first advertised on September 3, 2025, signaling a fresh release that could expand the group's reach across Windows, Linux, and ESXi environments. The announcement matters because it shows LockBit actively pushing updated tooling back into circulation after prior disruption. Posting the release on the RAMP darknet forum also ties the version to the group's affiliate ecosystem. Together, those details suggest a renewed effort to restore operational momentum.
Related Happenings
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor Meta
First: 21.04.2026 17:00
Last: 21.04.2026 17:00
Sources 1
About this happening:
**The Gentlemen ransomware gang** is using a **legitimate vulnerable driver** to defeat enterprise defenses, weaponizing **ThrottleStop.sys** as **ThrottleBlood.sys** to kill **AV...
The Gentlemen affiliate-driven RaaS expansion and enterprise scale-up
Threat Actor MetaAbout this happening: **The Gentlemen ransomware gang** is using a **legitimate vulnerable driver** to defeat enterprise defenses, weaponizing **ThrottleStop.sys** as **ThrottleBlood.sys** to kill **AV...
NAKIVO Backup & Replication v11.2 general-availability release adds ransomware defense and secure email auth
Security Tool/Service
First: 18.04.2026 16:45
Last: 18.04.2026 16:45
Sources 1
About this happening:
**NAKIVO Backup & Replication v11.2** is now generally available, adding **ransomware-resilience controls**, **OAuth 2.0 email authentication**, and expanded **VMware vSphere 9**...
NAKIVO Backup & Replication v11.2 general-availability release adds ransomware defense and secure email auth
Security Tool/ServiceAbout this happening: **NAKIVO Backup & Replication v11.2** is now generally available, adding **ransomware-resilience controls**, **OAuth 2.0 email authentication**, and expanded **VMware vSphere 9**...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor Meta
First: 31.03.2026 15:15
Last: 31.03.2026 15:15
Sources 1
About this happening:
TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns
Threat Actor MetaAbout this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target Trend
First: 17.03.2026 23:41
Last: 17.03.2026 23:41
Sources 1
About this happening:
**Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target TrendAbout this happening: **Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
Patch Tuesday multi-vendor security patch release (multiple vulnerabilities)
Security Patch Release
First: 11.02.2026 15:28
Last: 11.02.2026 15:28
Sources 1
About this happening:
On **Patch Tuesday**, **software vendors** released security updates across **OS, cloud, network, and application platforms**, closing multiple flaws in widely used products and s...
Patch Tuesday multi-vendor security patch release (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: On **Patch Tuesday**, **software vendors** released security updates across **OS, cloud, network, and application platforms**, closing multiple flaws in widely used products and s...
Timeline
-
08.10.2025 15:04 2 articles · 7mo ago
LockBit 5.0 first advertised for Windows, Linux, and ESXi
Initial DisclosureLockBit 5.0 was first advertised on the RAMP darknet forum on September 3, 2025, marking a new ransomware iteration tied to the LockBit affiliate ecosystem and designed to target Windows, Linux, and ESXi systems.
Show sources
- LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem — thehackernews.com — 08.10.2025 15:04
- LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem — thehackernews.com — 08.10.2025 15:04