LockBit is Back in Business – 50+ Victims Reported in Just 60 Days

ByLockbit Decryptor August 23, 2025November 25, 2025

The notorious LockBit ransomware gang is making headlines once again, proving that their reign in the cybercrime world is far from over. Following the recent shutdown of RansomHub, LockBit operators seem to have quickly regained momentum, unleashing a surge of new attacks across the globe.

Also read: LockBit Ransomware Decryptor

Over the past 60 days, our team has received reports from more than 50 victims worldwide, many of whom have confirmed infections linked to LockBit 3.0 Black Edition. This sudden spike suggests that LockBit is aggressively reclaiming lost ground and potentially targeting organizations that were previously in the sights of RansomHub.

Ransom Notes with Multiple Contact Options

Victims report that the latest LockBit 3.0 Black Edition ransom notes include:

ProtonMail addresses for communication.
TOX IDs for encrypted chat.
In some cases, a unique session ID that victims must use to establish contact with the attackers.

This approach indicates LockBit is refining its extortion methods, ensuring victims have multiple secure channels to negotiate, while making it harder for law enforcement to track or intercept communications.

Why the Surge?

Cybersecurity experts believe that after the collapse of RansomHub operations, many affiliates and cybercriminals may have migrated back to LockBit, boosting its activity. LockBit’s reputation for stability, advanced encryption, and profitable extortion models makes it an attractive option for affiliates seeking a reliable ransomware-as-a-service (RaaS) partner.

A Warning to Businesses

This resurgence serves as a stark reminder for businesses to tighten their defenses. LockBit’s Black Edition is known for:

Rapid network-wide encryption.
Double extortion tactics (encrypting files and threatening to leak data).
Use of multiple negotiation channels to pressure victims into paying.

Companies are urged to review their security posture, update incident response plans, and invest in ransomware-specific defenses.

Conclusion

With LockBit powering up once again after RansomHub’s exit, organizations worldwide face a renewed wave of ransomware threats. The cybercrime landscape remains volatile, and LockBit’s return signals yet another dangerous chapter in the ongoing ransomware epidemic.

Get Help For Lockbit Ransomware Now

News
Who is LockbitSupp? (Latest Update)
ByLockbit Decryptor May 7, 2024November 25, 2025
The Justice Department today unsealed an indictment charging Russian national Dmitry Yuryevich Khoroshev as the administrator and developer of the LockBit ransomware group. The U.S. Department of State, through the Transnational Organized Crime Rewards Program (TOCRP), is announcing a reward offer of up to $10,000,000 for information leading to the arrest and/or conviction in any…
Read More Who is LockbitSupp? (Latest Update)
News
Law Enforcement Agencies from 12 Countries Target LockBit Ransomware Gang in Major Crackdown
ByLockbit Decryptor October 5, 2024November 25, 2025
In a significant development in the fight against cybercrime, law enforcement agencies from 12 countries have collaborated to arrest four individuals linked to the notorious LockBit ransomware gang. This operation marks a crucial phase in ongoing efforts to dismantle one of the most prolific ransomware organizations in the world. Among those arrested is a suspected…
Read More Law Enforcement Agencies from 12 Countries Target LockBit Ransomware Gang in Major Crackdown
Lockbit 4.0 | News
LockBit 4.0 to Launch February 3, 2025, Marking a New Wave of Ransomware Attacks
ByLockbit Decryptor December 21, 2024November 25, 2025
At lockbitdecryptor.com, we’ve uncovered shocking revelations that the notorious LockBit ransomware gang is preparing to unleash LockBit 4.0, their latest and most advanced variant, on February 3, 2025. This exclusive information, directly sourced from the dark web and verified through our intelligence network, highlights a significant escalation in ransomware threats for both organizations and individuals…
Read More LockBit 4.0 to Launch February 3, 2025, Marking a New Wave of Ransomware Attacks
News
LockBit 3.0 Is Back Again with More Power: Ransomware Surge Targets Global Enterprises
ByLockbit Decryptor April 13, 2025November 25, 2025
The notorious ransomware group LockBit has once again intensified its presence on the cybercrime stage. Just months after being disrupted by law enforcement agencies, LockBit 3.0—also known as “LockBit Black“—has returned with renewed strength, deploying a more powerful encryptor and targeting a fresh wave of organizations worldwide. A Relentless Comeback Recent cybersecurity reports reveal a…
Read More LockBit 3.0 Is Back Again with More Power: Ransomware Surge Targets Global Enterprises
News
Lockbit 3.0 Black is Back Again with More Powerful Encryptions after FBI Attack
ByLockbit Decryptor April 6, 2024November 25, 2025
Recently, our team was analyzing new variants of Lockbit 3.0 ransomware and found a sample by victim. He is the owner of a small tech company in Turkey, contacted our team and sent some sample files for testing. After testing extensively, our team got to know that these files are very similar with the Lockbit…
Read More Lockbit 3.0 Black is Back Again with More Powerful Encryptions after FBI Attack
News
LockBit 5.0 Ransomware Returns: Group Reactivates Dark-Web Site and Publishes Dozens of New Victims
ByLockbit Decryptor December 6, 2025December 6, 2025
Date: 6 December 2025 The LockBit ransomware syndicate has officially resurfaced after months of relative silence, launching what appears to be its largest comeback since the international takedown of its infrastructure in early 2024. The group has restored its dark-web presence and introduced LockBit 5.0, the latest and most advanced version of its ransomware platform….
Read More LockBit 5.0 Ransomware Returns: Group Reactivates Dark-Web Site and Publishes Dozens of New Victims

One Comment

Pingback: LockBit 5.0 Returns After Crackdown — Ransomware Giant Turns to Cartel Model? - Lockbit Decryptor

Ransom Notes with Multiple Contact Options

Why the Surge?

A Warning to Businesses

Conclusion

Similar Posts

One Comment

Leave a Reply Cancel reply