LockBit ransomware resurgence in multi-region attacks
Malware Activity
Summary
Hide ▲
Show ▼
The LockBit ransomware family has returned to active attack operations, putting at least a dozen organizations at risk of encryption and data-theft extortion in September 2025. The observed infections used LockBit 5.0 and LockBit 3.0/LockBit Black, and they affected Windows and Linux systems across Western Europe, the Americas, and Asia. The newer build adds ESXi support, anti-analysis features, and ransom-note workflows that threaten publication of stolen data after a 30-day deadline.
Related Happenings
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target Trend
First: 17.03.2026 23:41
Last: 17.03.2026 23:41
Sources 1
About this happening:
**Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target TrendAbout this happening: **Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
Vect ransomware activity with cross-platform encryption and double extortion
Malware Activity
First: 03.02.2026 16:00
Last: 03.02.2026 16:00
Sources 1
About this happening:
Security researchers say **Vect** is a new **ransomware-as-a-service (RaaS)** operation that has already claimed victims in **Brazil** and **South Africa**. Its malware targets **...
Vect ransomware activity with cross-platform encryption and double extortion
Malware ActivityAbout this happening: Security researchers say **Vect** is a new **ransomware-as-a-service (RaaS)** operation that has already claimed victims in **Brazil** and **South Africa**. Its malware targets **...
Sicarii ransomware per-execution RSA key generation breaks decryption
Malware Activity
First: 28.01.2026 00:15
Last: 28.01.2026 00:15
Sources 1
About this happening:
The **Sicarii ransomware** now stands out for a **broken decryption process** that generates a new **RSA key pair** on each execution and discards the private key, leaving victims...
Sicarii ransomware per-execution RSA key generation breaks decryption
Malware ActivityAbout this happening: The **Sicarii ransomware** now stands out for a **broken decryption process** that generates a new **RSA key pair** on each execution and discards the private key, leaving victims...
VolkLocker ransomware-as-a-service with free-decryption flaw
Malware Activity
First: 15.12.2025 07:33
Last: 15.12.2025 07:33
Sources 1
About this happening:
The **CyberVolk**-linked **VolkLocker** ransomware-as-a-service has resurfaced with a flaw that lets victims **decrypt files without paying**. The **Golang** ransomware targets **...
VolkLocker ransomware-as-a-service with free-decryption flaw
Malware ActivityAbout this happening: The **CyberVolk**-linked **VolkLocker** ransomware-as-a-service has resurfaced with a flaw that lets victims **decrypt files without paying**. The **Golang** ransomware targets **...
CyberVolk VolkLocker RaaS debut targeting Linux/VMware ESXi and Windows
Malware Activity
First: 13.12.2025 17:11
Last: 13.12.2025 17:11
Sources 1
About this happening:
**CyberVolk** expanded its **VolkLocker** ransomware operation in **August 2025**, putting **Linux/VMware ESXi** and **Windows** environments at risk. The malware’s **Golang timer...
CyberVolk VolkLocker RaaS debut targeting Linux/VMware ESXi and Windows
Malware ActivityAbout this happening: **CyberVolk** expanded its **VolkLocker** ransomware operation in **August 2025**, putting **Linux/VMware ESXi** and **Windows** environments at risk. The malware’s **Golang timer...
Timeline
-
24.10.2025 18:15 2 articles · 7mo ago
Initial report: LockBit ransomware resurgence in multi-region attacks
Initial DisclosureThe rumored **LockBit** comeback became operational in **September 2025**, when new victims began appearing again. The activity now spans multiple regions and both **Windows** and **Linux** targets.
Show sources
- New LockBit Ransomware Victims Identified by Security Researchers — www.infosecurity-magazine.com — 24.10.2025 18:15
- New LockBit Ransomware Victims Identified by Security Researchers — www.infosecurity-magazine.com — 24.10.2025 18:15