LockBit ransomware attack Mount Vernon

Updated on 2022-12-29

The city of Mount Vernon, Ohio, fell victim to a LockBit ransomware attack that was launched via a remote access tool. The restoration process is in progress. Read more: NEWS ALERT: City Experiences Data Breach

Updated on 2022-12-28

The LockBit gang has also added the Portuguese port to its list of victims and threatens to publicize the stolen data if the ransom of $1.5 million is not paid. Read more: LockBit claims an attack on the Port of Lisbon

Updated on 2022-12-27: Japanese police and LockBit

Japanese press is reporting that Japan’s National Police Agency has been successfully decrypting networks encrypted with the LockBit ransomware all year. Read more:

Updated on 2022-12-19: California finance department hacked

And with ransomware front of mind, authorities in California say they were hit by a security incident — likely ransomware, given LockBit is claiming responsibility for stealing dozens of gigabytes of data. The state said it was responding and investigating. Meanwhile, the Cuba ransomware group was found using Microsoft-signed malicious drivers to better target victims with ransomware, a major escalation in the group’s technical abilities. Read more:

Updated on 2022-12-14

The HHS warned the healthcare and public health sector organizations against the rising number of LockBit 3.0 ransomware attacks, along with other ransomware and triple-extortion. Read more: LockBit 3.0 Ransomware Threatens Health Sector, Feds Warn

Updated on 2022-12-13

The LockBit ransomware gang claimed responsibility for attacking California’s Department of Finance and stealing 76 GB of data, including court filings, IT and financial documents, and databases. Read more: California authorities confirm cyber intrusion, LockBit claims ransomware hit

Updated on 2022-12-12: California DoF ransomware attack

The California Department of Finance confirmed on Monday that it suffered a security breach, hours after the LockBit ransomware gang listed the agency as a victim on its dark web leak site. No data has been leaked yet, and the agency has been given until Christmas Eve to pay to avoid having more than 500GB of files published online. Read more: Statement on Cybersecurity Incident

California DoF ransomware attack

Updated on 2022-12-02

Research published by Sophos disclosed that LockBit 3.0 features new capabilities and takes functionalities from the BlackMatter ransomware. Read more: Lockbit 3.0 has BlackMatter ransomware code, wormable traits

Updated on 2022-12-01: LockBit 3.0 Black

Sophos published a report on the LockBit 3.0 ransomware, also known as LockBit Black. The report found several similarities between the LockBit 3.0 code and BlackMatter and the presence of various scripts that try to add self-spreading worm capabilities to the LockBit code. Read more:

Updated on 2022-11-27: FBI joins Continental ransomware probe

The FBI is helping German automotive supplier Continental investigate its recent cyberattack, blamed on the LockBit ransomware gang, after its leak page claimed to offer access to 40 terabytes of stolen data for $50 million. Read more:

Updated on 2022-11-25: Continental ransomware attack

German authorities have called in the FBI to help with their investigation into the ransomware attack that hit Continental, a major supplier for the international automotive industry. According to a Handelsblatt report, the LockBit ransomware gang breached Continental in July and spent a month exfiltrating data from its network before attempting to extort the company for $50 million. In August, Continental gleefully said that it had averted a cyberattack before admitting that it got hacked earlier this month after the LockBit gang leaked some of its data. Read more:

Updated on 2022-11-22

LockBit 3.0 claimed responsibility for the ransomware attack against municipal services in Westmount, Quebec, and gave a deadline for ransom payment until December 4. Read more: LockBit 3.0 Says It’s Holding a Canadian City for Ransom

Updated on 2022-11-16: Amadey Loader

And here’s a technical report on Amadey, a malware loader recently used to deploy the LockBit ransomware. Read more: LockBit 3.0 Being Distributed via Amadey Bot

Updated on 2022-11-15: Thales ransomware attack

French weapons manufacturer Thales confirmed that some of its data got posted online by the LockBit ransomware but denied that hackers got access to any of its systems. In a press release, the company said the hackers most likely gained access to the portal of one of its collaborators. Read more: THALES POSITION ON LOCKBIT 3.0

Updated on 2022-11-14

LockBit 3.0 started leaking confidential information belonging to Thales. However, the company stated that the breach will have no effect on its operations. Read more: Lockbit gang leaked data stolen from global high-tech giant Thales

Updated on 2022-11-13: LockBit ransomware suspect nabbed in Canada, faces charges in the U.S.

U.S. federal prosecutors landed another win this week following the arrest of Mikhail Vasiliev, a 33-year-old from Ontario, Canada, who they accuse of involvement with the LockBit ransomware group. LockBit is one of the most notorious ransomware operations, with more than 1,000 targets to date, and a proponent of double-extortion, where data is published if a second (or any) ransom isn’t paid. The suspect is to be extradited to the U.S. to face trial. Both Thales and automotive manufacturing giant Continental were both listed by LockBit’s leak site this week. Read more:

Updated on 2022-11-11: LockBit operator arrested in Canada

Mikhail Vasiliev, 33, a dual Russian and Canadian national, was arrested in Canada for his alleged participation in the LockBit global ransomware operation. According to court documents, Vasiliev appears to have been one of the LockBit gang’s affiliates, a member that buys access to corporate networks and deploys the gang’s ransomware. US authorities are seeking his extradition to the US to face charges for attacks on US organizations. Read more: Man Charged for Participation in LockBit Global Ransomware Campaign

Updated on 2022-11-10

After claiming responsibility for the attack on Continental, the LockBit ransomware group is offering to sell the stolen data for $50 million. Read more: Ransomware Gang Offers to Sell Files Stolen From Continental for $50 Million

Updated on 2022-11-07

The LockBit ransomware group claimed to have hacked Kearney & Company. The gang has published a sample of stolen data, including audit reports and financial documents. Read more: LockBit 3.0 gang claims to have stolen data from Kearney & Company

Updated on 2022-11-06

Stolen data from Kilvington Grammar School, Australia, was published on the dark web by LockBit. No other details have been released so far. Read more: LockBit ransomware gang hits Melbourne school Kilvington Grammar

Updated on 2022-11-04

The LockBit ransomware group announced it had hacked Continental, a German automotive parts manufacturer. It is threatening to leak all the stolen data by November 04. Read more: LockBit ransomware gang claims the hack of Continental automotive group

Updated on 2022-11-02

The LockBit 3.0 gang claimed to have attacked French defense and technology firm Thales. The ransomware gang is threatening to leak the stolen data by November 7. Read more: LockBit 3.0 gang claims to have stolen data from Thales

Updated on 2022-10-28: LockBit main threat for ICS sector

A report from ICS security firm Dragos analyzes the ransomware attacks that have targeted the industrial sector across the world in Q3 2022. Per the company, the LockBit and Black Basta gangs were responsible for the vast majority of incidents targeting ICS firms. Read more: Dragos Industrial Ransomware Analysis: Q3 2022

Updated on 2022-10-17

Oomiya, a Japanese microelectronics and facility system designer and manufacturer, was hit by a LockBit 3.0 affiliate. The operators claim to have stolen company data and threaten to leak it by October 20, 2022 if it doesn’t pay the ransom. Read more: Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted

Updated on 2022-10-14

LockBit 3.0 builder: On the same note, NTT Security has a report on the leaked LockBit 3.0 builder. Read more: LockBit3.0 BuilderによるEncryptorの特徴解析

Updated on 2022-10-12

AhnLab reported that LockBit affiliates are disseminating their ransomware via compromised Microsoft Exchange servers. The actors stole 1.3TB of data from a customer of the security firm. Read more: LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware

Updated on 2022-10-11: A new suspected Exchange zero-day

South Korean security firm AhnLab said it suspects that a webshell it found in a recent LockBit ransomware attack might have been installed using a new undisclosed zero-day vulnerability in the Microsoft Exchange email server. Microsoft, or any other security firm or researcher, has yet to confirm this.

Updated on 2022-10-10: BRB ransomware attack

BRB, one of the largest banks in Brazil, paid 50 BTC ($950,000) to cyber criminals this week following a ransomware attack that took place last weekend. According to Brazilian tech news outlet Tecmundo, the attack was linked to Crydat, an affiliate for the LockBit ransomware gang. Read more: Banco BRB sofre ataque de ransomware e acaba chantageado

Updated on 2022-10-09

Threat actors leveraged the LockBit ransomware to attack the Bank of Brasilia, a government-controlled bank in Brazil, and demanded a ransom of 50 BTC. Read more: Brazil’s BRB Bank Pays 50 BTC After Being Targeted by a Ransomware Attack

Updated on 2022-09-29: LockBit leak yielding results

Security researchers have spotted a new version of the Bloody ransomware that has been built on the recently-leaked LockBit ransomware builder. More here.

Read more in

Updated on 2022-09-28: Leaked Lockbit builder is in use

The Bl00dy ransomware group has become the first reported group that used the Lockbit 3.0 builder, which was leaked last week. It came to light after hackers used a new encryptor against a Ukrainian organization. It took a while for researchers to identify the ransomware involved in the attack as initial characteristics resembled Conti or LockBit.

Updated on 2022-09-27

The recently formed Bl00Dy ransomware group was found using the leaked builder for LockBit 3.0 in its attacks in the wild. Previously, the group had used leaked builders for Babuk and Conti. Read more: Bl00dy ransomware gang started using leaked LockBit 3.0 builder in attacks

Updated on 2022-09-23: LockBit ransomware builder leaks online

The builder for the LockBit 3.0 ransomware strain was leaked online and has been widely shared over the past few days. The builder leak was initially advertised as a hack of the LockBit ransomware gang servers, but the leak was later also attributed to an intentional leak by one of LockBit’s former programmers in a gesture of revenge against their former employer.

As was the case of other core ransomware tools that leaked in the past, such as the Babuk and Conti source code, security experts now expect that numerous low-level threat actors will adopt the highly advanced LockBit builder for their own operations going forward. A technical analysis of the LockBit builder is also available here, and the builder itself is available on GitHub.