VERY IMPORTANT

LockBit 5.0, the latest version of the notorious ransomware, has been released with support for Windows, Linux, and ESXi systems. This update brings improved defense evasion, faster encryption, and enhanced modularity. The Windows variant employs extensive anti-analysis techniques, while Linux and ESXi versions remain unpacked. All variants share a common encryption scheme using XChaCha20 and Curve25519. LockBit 5.0 demonstrates a focus on enterprise and infrastructure targets, including explicit support for Proxmox virtualization. The group's data leak site reveals a primary focus on the U.S. business sector, with victims spanning various industries. LockBit's infrastructure has shown connections to SmokeLoader, suggesting possible cooperation or infrastructure reuse among malware operators.