Notice warns of new LockBit 5.0 ransomware variant

Oct 03, 2025 - 03:37 PM
Symantic cyberattack

A Health-ISAC (Information Sharing and Analysis Center) bulletin released Oct. 1 warns of a recently released LockBit 5.0 ransomware variant that poses a threat to health care and other sectors. LockBit 5.0 is the latest version of the ransomware-as-a-service group that has previously attacked hospitals and other organizations in the U.S. and abroad. The notice said the new variant directly targets virtual environments and has improved and enhanced technical capabilities, evasion techniques and affiliate engagement. The variant is known to target Windows, Linux and VMware ESXi software. Health-ISAC said the new variant’s technical capabilities make it faster, more flexible for affiliates and harder for security to detect and analyze. LockBit was disrupted by authorities last year before resurfacing last month.

“This is a very technical bulletin, but it’s important to note that it addresses a new version of a well-known ransomware,” said Scott Gee, AHA deputy national advisor for cybersecurity and risk. “Hospitals should ensure that they have defensive measures in place and that those measures are tuned and working properly.”

For more information on this or other cyber and risk issues, contact Gee at sgee@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.

Related News Articles

Headline
AHA podcast: Cybersecurity on the Health Care Front Lines Against AI and Ransomware
Larry Pierce, director of cybersecurity and information security officer for Atlantic Health, unpacks how the growth of artificial intelligence is reshaping…
Headline
Agencies issue guidance on secure connectivity for operational technology
U.S. and international agencies Jan. 14 released guidance on secure connectivity for operational technology environments. Examples of OT environments in health…
Headline
AHA expresses support for bill improving cybersecurity workforce in rural hospitals
The AHA Jan. 14 expressed support for the Rural Hospital Cybersecurity Enhancement Act (S. 2169), legislation that would direct the Department of Health and…
Headline
FBI warns of attacks by North Korean cyber threat group using malicious QR codes
The FBI Jan. 8 released an alert on evolving threat tactics by Kimsuky, a North Korean state-sponsored cyber threat group. As of last year, the group…
Headline
CISA issues update on voluntary cybersecurity performance goals 
The Cybersecurity and Infrastructure Security Agency Dec. 11 released an update to its voluntary Cybersecurity Performance Goals, which includes measurable…
Headline
Agencies warn of state-sponsored cyberattacks from Russia, China
U.S. and international agencies are warning of potential cyberattacks on health care and other critical infrastructure from state-sponsored cyber actors in…