LockBit malware is back - and nastier than ever, experts claim

• LockBit 5.0 targets Windows, Linux, and ESXi with advanced obfuscation and anti-analysis techniques
• Builds on LockBit 4.0, adding stealth features like DLL reflection and dynamic API resolution
• Found active in the wild, but no confirmed victim details or campaign success disclosed yet

The notorious LockBit malware is back, and is more dangerous than ever before, experts have warned.

Security researchers from Trend Micro recently published an in-depth technical analysis of the latest iteration of the LockBit ransomware family, discovered in September 2025, as LockBit celebrated its sixth anniversary by releasing the newest iteration of its encryptor.

Called LockBit 5.0, the new variant focuses on multiple platforms, comes with technical improvements across the board, and features heavy obfuscation techniques, making it “significantly more dangerous than its predecessors”.