LockBit ransomware reemerges after 2024 takedown

After months of speculation, the LockBit ransomware group has made a confirmed comeback, with cybersecurity firm Check Point reporting at least a dozen new attacks across Western Europe, the Americas, and Asia since September 2025, according to Infosecurity Magazine.

In its October 23 report, Check Point revealed that half of the targeted organizations were infected with the newly developed LockBit 5.0 variant, while the rest suffered from LockBit 3.0, also known as LockBit Black. The group's re-emergence follows its partial takedown in early 2024 under Operation Cronos.

The new LockBit 5.0, codenamed "ChuongDong," features enhanced security, cross-platform compatibility for Windows, Linux, and ESXi, and improved anti-analysis measures. Affiliates are now required to pay a $500 Bitcoin deposit for access to its updated management panel and encryptors.

According to Check Point, the recent attacks show "a clear sign that LockBits infrastructure and affiliate network are once again active."