LockBit 5.0 Returns with Global Ransomware Surge
Category: Threat Intelligence / Ransomware
LockBit 5.0 has re-emerged as a dominant ransomware operation, with NCC Group and Check Point data showing a 28% rise in global ransomware incidents. Despite a previous multinational takedown, the group has rebuilt infrastructure and resumed affiliate recruitment.
CORTEX Protocol Intelligence Assessment
Business Impact: The resurgence increases ransomware risk across finance, logistics, and manufacturing.
Technical Context: LockBit 5.0 introduces cross-platform support for Windows, Linux, and ESXi, faster encryption, and randomized file extensions to evade detection.
Strategic Intelligence Guidance
- Harden ESXi and Linux endpoints with immutable snapshots
- Monitor for LockBit-related file extensions and ransom notes
- Review affiliate network traffic to detect potential intrusion
- Coordinate incident response tabletop exercises focused on RaaS
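Because the extensions are randomized, a static extension blocklist will not match them. One way to approach the file-extension monitoring item is to alert on behaviour instead: many known file types on one host being renamed to the same never-seen extension within a short window. The sketch below is an added example, not code from the source report; the event tuple format, the extension baseline, the thresholds and the sample events are all assumptions.

```python
import re
from collections import defaultdict

# Assumption: extensions seen in this environment's baseline; build yours from file inventory.
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".txt", ".bak", ".log", ".vmdk", ".vmx"}

def _ext(path):
    """Lower-cased final extension of a Windows or POSIX path ('' if none)."""
    name = re.split(r"[\\/]", path)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""

def find_rename_bursts(events, window=60, min_files=5):
    """Flag (host, extension) pairs where at least `min_files` known-type files
    were renamed to the same unknown extension within `window` seconds.
    events: iterable of (epoch_seconds, host, old_path, new_path)."""
    stamps = defaultdict(list)
    for ts, host, old, new in events:
        old_ext, new_ext = _ext(old), _ext(new)
        if old_ext in KNOWN_EXTS and new_ext and new_ext not in KNOWN_EXTS:
            stamps[(host, new_ext)].append(ts)
    alerts = []
    for (host, ext), times in sorted(stamps.items()):
        times.sort()
        lo = best = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window start forward
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_files:
            alerts.append({"host": host, "extension": ext, "files_in_window": best})
    return alerts

# Constructed sample rename events (not real telemetry).
SAMPLE_EVENTS = (
    # Burst: six VM disk files gain the same never-seen extension within 10 s.
    [(1000 + 2 * i, "esx01", f"/vmfs/volumes/ds1/vm{i}/vm{i}.vmdk",
      f"/vmfs/volumes/ds1/vm{i}/vm{i}.vmdk.q7f2kd9x") for i in range(6)]
    # Benign: known-to-known rename, and a single user rename to an unknown extension.
    + [(1005, "ws17", r"C:\Users\amy\notes.txt", r"C:\Users\amy\notes.bak"),
       (1010, "ws17", r"C:\Users\amy\plan.docx", r"C:\Users\amy\plan.old")]
    # Slow: five renames to one unknown extension, ten minutes apart.
    + [(2000 + 600 * i, "fs02", f"/srv/share/r{i}.pdf", f"/srv/share/r{i}.arc")
       for i in range(5)]
)

if __name__ == "__main__":
    for alert in find_rename_bursts(SAMPLE_EVENTS):
        print(alert)
```

Tune `window` and `min_files` against normal backup and archive jobs before alerting on the output, since bulk renames by legitimate tools produce the same pattern.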
Intelligence Source: LockBit 5.0 expands targeting amid ransomware escalation | Oct 28, 2025