Overview
LockBit 5 represents the latest iteration of the LockBit ransomware family — one of the most prolific ransomware operations in history. Following law enforcement action against previous versions, the group has rebuilt infrastructure across dozens of onion addresses. The RaaS model allows numerous affiliates to deploy the ransomware globally.
Tactics, Techniques & Procedures
RaaS affiliate model, high-volume automated exploitation, data leak site
Primary Targets
All sectors — broad indiscriminate targeting
Indicators of Compromise
- LockBit 5 encryptor
- StealBit exfiltration tool
- Cobalt Strike
- Mimikatz
MITRE ATT&CK Techniques
T1486T1041T1078T1133T1210 Exploitation of Remote Services
Quick Reference
| Status | ACTIVE |
| Type | Ransomware-as-a-Service |
| First Seen | 2025 |
| Victims Tracked | Monitored |
Dark Web Presence
http://lockbitsuppyx2jegaoyiw44ica5vdho63m5ijjlmfb7omq3tfr3qhyd.onionhttp://lockbitapt67g6rwzjbcxnww5efpg4qok6vpfeth7wx3okj52ks4wtad.onionhttp://lockbitynxdcxtuvma5deq5pxtnqoacftuigkk37xjq3whefozdpcuad.onion
Under Attack?
If you believe lockbit5 has targeted your organisation, contact Binary Response immediately.
Emergency Response Dark Web Monitoring →