Find notable cyber news and cases, enriched with sources, timelines, and signals.

LockBit September 2025 multi-region ransomware campaign

Campaign
First reported
Last updated
Happening score
H score 43
2 unique sources, 2 articles

Summary

Hide ▲

LockBit returned in a renewed ransomware campaign that hit at least a dozen organizations in September 2025. The activity spanned Western Europe, the Americas and Asia, and used both LockBit 5.0 and LockBit 3.0 / LockBit Black, indicating the operation’s infrastructure and affiliate network were active again. The campaign affected Windows and Linux systems and extended the threat with ESXi support in the newer build. Updated ransom notes added personalized negotiation links and a 30-day deadline before stolen data would be published.

Related Happenings

INC ransomware group’s RaaS expansion and victim growth in 2026

Threat Actor Meta
H score45 First: 18.06.2026 17:12 Last: 18.06.2026 17:12 Sources 1

About this happening: **INC** has grown from a **RaaS** startup into one of **2026**’s most prolific ransomware groups, with **830+ victims since August 2023**. The expansion followed affiliate migrati...

Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure

Campaign
H score53 First: 20.04.2026 23:02 Last: 20.04.2026 23:02 Sources 1

About this happening: The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...

Scattered Spider SMS phishing and SIM-swap crypto theft campaign

Campaign
H score53 First: 20.04.2026 16:33 Last: 20.04.2026 16:33 Sources 1

About this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...

Aleksey Olegovich Volkov sentenced in Yanluowang ransomware case

Law Enforcement
H score35 First: 24.03.2026 15:06 Last: 24.03.2026 15:06 Sources 1

About this happening: The **Justice Department** said **Aleksey Olegovich Volkov** was **sentenced to 81 months** in prison for serving as an **initial access broker** in **Yanluowang ransomware** atta...

The Gentlemen RaaS split exposed by hastalamuerte

Threat Actor Meta
H score25 First: 19.03.2026 18:00 Last: 19.03.2026 18:00 Sources 1

About this happening: **hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...

Timeline

  1. 24.10.2025 18:15 3 articles · 8mo ago

    LockBit September 2025 multi-region ransomware campaign

    Initial Disclosure

    **Early September 2025** marked LockBit’s public comeback when the group unveiled **LockBit 5.0** on underground forums and called for new affiliates. The first wave of follow-on activity showed the ransomware network was active again after earlier disruption.

    Show sources