Ransomware variant poses heightened risk to hospitals

The Health Information Sharing and Analysis Center, a nonprofit organization that works to share threat intelligence, issued an alert Oct. 1 regarding LockBit 5.0, a ransomware variant that represents an elevated risk to healthcare and other enterprises.

The variant is the latest iteration of the ransomware-as-a-service group, which resurfaced in September after a law enforcement disruption earlier in 2025. The group has expanded its cross-platform capabilities to target Windows, Linux and VMware ESXi environments, according to the alert.

LockBit 5.0 has enhanced obfuscation and evasion techniques, improved flexibility for affiliates, and the ability to encrypt entire virtual infrastructures. The ransomware appends randomized 16-character file extensions and clears event logs while terminating 63 security services to hinder detection and recovery.

Health-ISAC said analysis confirms the variant builds on LockBit 4.0’s codebase and demonstrates the group’s technical evolution. The organization advised members to reassess their defenses, strengthen protections for ESXi hosts and implement layered security measures to mitigate risk.

The post Ransomware variant poses heightened risk to hospitals appeared first on Becker’s Hospital Review | Healthcare News & Analysis.