The cybercriminal group known as LockBit has released an improved 5.0 version of its ransomware (LockBit 5.0), which is “significantly more dangerous,” warns Trend Micro . The malware now attacks Windows, Linux, and VMware ESXi environments simultaneously.

Thanks to new obfuscation techniques, such as DLL reflection in Windows and aggressive packing, LockBit 5.0 evades known security solutions . The Linux version allows precise attacks on directories and file types via command lines. With VMware ESXi, the malware encrypts virtual machines, which can paralyze entire infrastructures. A random 16-digit file extension makes it difficult to recover encrypted data.

Trend Micro explains:

The existence of Windows, Linux, and ESXi variants confirms LockBit’s continued cross-platform strategy

See Full Page