Find notable cyber news and cases, enriched with sources, timelines, and signals.

LockBit ransomware return with 5.0 and 3.0 attacks

Malware Activity
First reported
Last updated
Happening score
H score 43
2 unique sources, 2 articles

Summary

Hide ▲

LockBit resurfaced in active ransomware operations in September 2025, with at least a dozen victims hit and a mix of LockBit 5.0 and LockBit 3.0/LockBit Black observed in the field. The newer build adds Windows, Linux, and ESXi coverage, faster encryption, and unique negotiation portals, underscoring a more mature and potentially more centralized operation. The broader Q3 2025 ransomware landscape remained highly fragmented, with 85 active ransomware and extortion groups and 1,592 new victims disclosed across more than 85 leak sites. That environment increases pressure on defenders because one of the sector’s most recognizable brands is back while the wider ecosystem continues to splinter.

Related Happenings

INC ransomware encryptors rewritten in Rust

Malware Activity
H score38 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: INC's **Windows** and **Linux/ESXi encryptors** were rewritten in **Rust**, improving cross-platform development and making reverse engineering harder. The malware line also gaine...

INC ransomware group’s RaaS expansion and victim growth in 2026

Threat Actor Meta
H score45 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: **INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...

Major U.S. services company hit by ransomware attack linked to DragonForce

Incident
H score38 First: 16.06.2026 13:18 Last: 16.06.2026 13:18 Sources 1

About this happening: A **DragonForce ransomware** incident hit a **major U.S. services firm** in **December 2025**, with attackers maintaining access for **one to two months** and hiding **command-and...

VECT 2.0 ransomware-branded file destruction malware

Malware Activity
H score4 First: 28.04.2026 17:01 Last: 28.04.2026 17:01 Sources 1

About this happening: The **VECT 2.0** malware now behaves like a **wiper** rather than recoverable ransomware, permanently destroying large files and raising the stakes for victims. The destructive fl...

Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure

Campaign
H score53 First: 20.04.2026 23:02 Last: 20.04.2026 23:02 Sources 1

About this happening: The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...

Timeline

  1. 24.10.2025 18:15 2 articles · 8mo ago

    LockBit ransomware return with 5.0 and 3.0 attacks

    Initial Disclosure

    **LockBit 5.0** emerged as new victims began surfacing after the end of summer 2025. Early observed activity included both **LockBit 5.0** and **LockBit 3.0/LockBit Black** in real-world intrusions.

    Show sources