Detailed Analysis of LockBit 5.0
released on 2026-01-21 @ 10:03:04 AM
LockBit, which originated as ABCD ransomware in 2019, reached version 5.0 in September 2025. After a period of inactivity, it resumed operations in December 2025 with a reduced affiliate sign-up fee. LockBit 5.0, nicknamed ChoungDong, consists of two components: a Loader and the Ransomware. The Loader decrypts the payload and executes it in memory, while the Ransomware uses ChaCha20 and Curve25519 for encryption. This update significantly enhances evasion techniques and attack efficiency, introducing features like Mutex, Execution Delay, and Wiper. The group's history includes affiliation with the Maze cartel, independent operations, and continuous upgrades. Mitigation strategies involve monitoring process behavior, applying security patches, and preparing for swift responses using the provided IoCs and MITRE ATT&CK techniques.