diserang hacker seburuk apa keamanan siber ri dibanding negara asean 169 Mitra IT | Your Trusted & Reliable Software Solutions

Lockbit Online Extortionists Strike Again, New Target Revealed

Jakarta, CNBC Indonesia – SThe hacker group behind Lockbit is back in action. They have now released a new version of the ransomware to increase the threat to their targets.

A Trend Micro report stated that the Lockbit 5.0 ransomware also targets a number of operating systems, including Windows, Linux, and VMWare ESXi. This enhancement makes mitigation and recovery more difficult, as reported by Tech Spot, Thursday (October 2, 2025).

Tech Spot reveals the capabilities of LockBit 5.0 for each operating system. The Windows version can incorporate DLL reflection for payload delivery, a packaging layer to block analysis, thus enabling it to bypass traditional monitoring tools.

Meanwhile, on Linux, attackers issued customized command-line options. They also selected specific file types and directories to encrypt.

On ESXi, the ransomware targets the virtualization infrastructure, encrypting virtual machines and compromising the host at the hypervisor level.

To complicate decryption and prolong recovery time, the hackers also add a random 16-character file extension to each instance.

According to Trend Micro researchers, LockBit 5.0 is a modular architecture. Therefore, components such as encryption routines, evasion technologies, and platform-specific payloads will work together to defeat attackers.

The researchers believe this new capability underpins LockBit’s intended cross-platform strategy. The group will disrupt computing environments, from workstations to the virtual platforms that underpin data centers.

Trend Micro also noted that LockBit remains resilient and robust despite the international enforcement campaign against the group.

The company urges organizations to implement a cross-platform security strategy to avoid becoming victims. It also urges organizations to focus on virtualized infrastructure, as it is an attractive target.

In mid-2020, Indonesia also experienced a ransomware attack that crippled the Temporary National Data Center (PDNS).

The findings indicate that the incident, which occurred on June 20, 2024, was a brain cipher ransomware attack. This is the latest variant of the Lockbit 3.0 ransomware, based on samples taken.

SOURCE : CNBC INDONESIA