LockBit 5.0 Introduces New Features: ChaCha20 Encryption, Stealthy Installation, and Anti-Analysis to Target Windows, Linux, and ESXi Environments
ID: c3c86f00-a0a2-5e42-9e5a-692e62cfef44
STIX ID: report--c3c86f00-a0a2-5e42-9e5a-692e62cfef44
Feed Name: LevelBlue SpiderLabs Blog
LockBit 5.0 is a highly evolved, cross-platform ransomware-as-a-service variant that adopts ChaCha20 encryption and multiple stealthy, modular techniques to maximize damage and evade detection: in-memory execution, anti-analysis/ETW patching, a wiper component, targeted destruction of backup/virtualization infrastructure, and use of hard-to-recover hashing for API/process names. The report provides technical analysis of samples, IOCs, MITRE ATT&CK mapping, and defensive recommendations.
