Prevent undetectable malware and 0-day exploits with AppGuard!

Ransomware Fragmentation Is Rising as LockBit Returns

Tony Chiappetta
by Tony Chiappetta
November 28, 2025

Ransomware is splintering faster than ever

A new report highlighted by The Hacker News shows that ransomware has reached a critical point of fragmentation. According to Check Point Research, Q3 2025 saw 85 active ransomware and extortion groups, a level never seen before. Fourteen of those groups were brand new and nearly 1,600 victims appeared across leak sites during the quarter.

You can read the source article here: Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns.

This trend represents a serious shift in the cyber threat landscape. For years, defenders could focus on a handful of major ransomware brands. That is no longer the case. These smaller groups operate in unpredictable ways, often provide no decryption keys after payment, and disappear quickly. That makes negotiation unreliable and defense strategies more complex.

LockBit is back with new firepower

While ransomware has splintered, one major name has resurfaced: LockBit, now returning with LockBit 5.0. The new version shows clear technical upgrades including:

  • Faster encryption

  • Improved evasion capabilities

  • Ability to target Windows, Linux, and ESXi

  • More sophisticated per-victim negotiation infrastructure

Within the first month of reappearing, LockBit 5.0 had already compromised multiple victims.

The ransomware world now has two problems at once. Fragmented groups that are difficult to track and a high-end, well-resourced threat actor returning to lead large campaigns. It is a combination that puts every business at higher risk.

Why the traditional Detect and Respond approach is failing

Most organizations still rely heavily on tools that detect malicious activity and then respond to it. That approach is increasingly failing for several reasons:

  • There are too many new ransomware groups to track

  • Signature based detection becomes outdated almost immediately

  • New variants change rapidly and often bypass defensive tools

  • Response time is too slow once encryption begins

By the time detection alerts fire, ransomware often has already executed. Fragmented groups rely on this weakness because they do not need sophistication. They only need to launch an attack that hits faster than a response can contain it.

This is why modern ransomware is succeeding. Businesses are relying on a model that attackers already know how to beat.

What businesses need now: Isolation and Containment

The safest organizations today use a different approach called Isolation and Containment. Instead of detecting malware and reacting, this strategy prevents ransomware from executing or gaining the ability to spread at all.

This is where AppGuard stands out. AppGuard has more than a decade of proven success protecting systems in environments where failure is not an option. Instead of waiting for clues or signatures, AppGuard blocks untrusted or risky behaviors at the process level.

This means:

  • Unknown ransomware cannot launch

  • Zero-day attacks cannot break out of containment

  • Fileless attacks are stopped

  • Script based infections cannot reach critical resources

Whether the threat is a brand new ransomware group or an advanced version like LockBit 5.0, AppGuard stops the attack at the earliest stage. No detection. No delay. No reaction time needed.

The business impact is getting worse

The Check Point Research data also revealed that ransomware continues to hit industries such as manufacturing, business services, and healthcare at high rates. These sectors cannot afford downtime, which makes them especially attractive to attackers.

Law enforcement takedowns of major ransomware groups earlier this year did little to slow the trend. Fragmentation has made the ecosystem more resilient. Eliminating one brand simply encourages attackers to relaunch under new names.

For small and mid-sized businesses, this creates a critical decision point. Continue relying on Detect and Respond or move to modern protection that neutralizes ransomware before it begins.

Final thoughts and a call to action

The source article from The Hacker News paints a clear picture. Ransomware is evolving faster than most defensive tools can keep up. Fragmented groups and LockBit’s return mean the threat is growing in both volume and sophistication.

It is time for businesses to shift from Detect and Respond to Isolation and Containment.

If you want your business to stay ahead of these threats, talk with us at CHIPS. We can show you how AppGuard prevents the types of incidents highlighted in the article and how it provides true protection against ransomware, regardless of how quickly attackers evolve.

Let us help you stay protected before the next breach happens.

Like this article? Please share it with others!

 
Tags:
AppGuard, 0-day, Ransomware
Tony Chiappetta
Post by Tony Chiappetta
November 28, 2025
Follow me on my website Follow me on LinkedIn

Comments
How You Can Achieve Zero Trust Protection on an Endpoint

How You Can Achieve Zero Trust Protection on an Endpoint

Some IT Professionals say Zero Trust is impossible to implement however, the US Federal Government has been using these principles for decades.  Download our White Paper to learn how to fully secure your computers.