LockBit is back, and it is hitting harder than ever. CyberSecurityNews recently reported that the notorious ransomware group has launched LockBit 5.0, also known as ChuongDong, and it is actively attacking Windows, Linux and ESXi environments. Source: CyberSecurityNews (https://cybersecuritynews.com/lockbit-5-0-actively-attacking/)
This resurgence follows the major global law enforcement operation early in 2024 that disrupted LockBit infrastructure and briefly slowed its activity. That slowdown did not last long. LockBit has rebuilt, regrouped, and returned with upgraded capabilities designed to bypass defenses and hit organizations across multiple platforms.
For business leaders, this serves as another reminder that ransomware actors are not going away. They evolve, adapt and innovate. Your security strategy must do the same.
According to the report, LockBit 5.0 includes:
New builds targeting Windows, Linux and VMware ESXi
Roughly 80 percent of observed samples targeting Windows, with 20 percent focused on Linux and ESXi
Enhanced encryption routines
Randomized 16-character file extensions to evade signature-based detection tools
Anti-analysis techniques to frustrate investigation and reverse engineering
Active attacks across North America, Europe and Asia
LockBit has also improved its ability to bypass traditional security tools and move quickly through environments once it gains initial access. The campaign demonstrates a continued focus on both corporate IT and hybrid datacenter environments. This includes the growing volume of attacks targeting hypervisors like ESXi.
When ransomware begins encrypting a virtual environment that hosts multiple servers, the business impact compounds quickly. Downtime becomes costly. Recovery becomes chaotic. And often the damage is done before detection tools sound an alarm.
Most businesses still rely on detection-driven security. EDR, traditional antivirus and SIEM tools are helpful, but they operate under a reactive model. The threat must run, be observed and trigger an alert before action is taken.
This model fails when:
Malware uses new code and randomized artifacts that signatures do not catch
Zero-day vulnerabilities are used before detection engines can identify them
Attackers move quickly to encrypt or steal data before response kicks in
Security teams are overwhelmed or slow to respond
LockBit 5.0 is tailor-built to exploit this gap. By the time a detection system recognizes the threat, significant harm may already be underway.
Business leaders cannot rely on hope and alerts. They need security that prevents malicious behavior the moment it tries to execute.
AppGuard represents a fundamentally different approach. Instead of trying to detect threats, it blocks unauthorized actions outright through isolation and containment. If a malicious process tries to launch, inject code, modify critical system areas or escalate privileges, it is stopped automatically.
This is true even if the threat is brand new, unknown and signatureless.
AppGuard has been proven in real-world deployments for over a decade and is now widely available for commercial use. It focuses on stopping attacks before they cause damage, not reacting after they begin.
Key benefits include:
Blocking process tampering, file system modification and lateral movement
Preventing ransomware and unknown exploits from executing
Eliminating dependency on signatures or threat feeds
Working silently in the background without user disruption
Modern threats require modern defenses that assume attackers are already inside and stop them from acting.
Review your endpoint and server security posture
Assume attackers will find a way around detection tools
Prioritize prevention, isolation and containment
Evaluate AppGuard as a strategic control
Work with a partner who understands modern threat dynamics
Cyber criminals are investing heavily in innovation. Your defenses must do the same.
At CHIPS, we help organizations move to a prevention-first security model powered by AppGuard. With LockBit 5.0 actively targeting multi-platform environments, now is the time to protect your systems before ransomware hits.
Call to action
If you are a business owner looking to prevent incidents like this, talk with us at CHIPS. AppGuard can keep ransomware from detonating in the first place. Let us help you shift from detect and respond to true isolation and containment so your business stays protected.