Particle.news
Download on the App Store
3 ARTICLES
·
6h ago

LockBit, Qilin and DragonForce Form Ransomware Alliance as LockBit 5.0 Debuts

Security firms say the coalition arrives during elevated extortion activity, raising the risk of more frequent attacks on critical infrastructure.

Image

Overview

  • ReliaQuest reports that DragonForce, LockBit and Qilin have formed a strategic partnership to share techniques, resources and infrastructure.
  • Analysts warn the alliance could restore LockBit’s standing with affiliates after last year’s takedown and broaden targeting to sectors previously seen as lower risk.
  • LockBit 5.0 has been observed targeting Windows, Linux and VMware ESXi, after being advertised on September 3 on the RAMP forum, with affiliates told critical infrastructure is no longer off limits.
  • Threat activity remains high, with ReliaQuest tracking a record 81 active data‑leak sites in Q3 and ZeroFox counting at least 1,429 ransomware and extortion incidents, as Qilin leads recent activity and disproportionately targets North America.
  • ReliaQuest says it has not yet observed joint operations or a combined leak site for the trio, though the groups have publicly signaled plans to coordinate and share more details.