ACDC Express Hit by LockBit Ransomware in Major Cyber Attack

Incident Date: August 11, 2024

Overview

Victim: ACDC Express

Attacker: Lockbit3

Location: Germiston, South Africa

First Reported: August 11, 2024

LockBit Ransomware Group Targets ACDC Express in Major Cyber Attack

On August 13, 2024, ACDC Express, a prominent South African electrical retail and wholesale franchise, fell victim to a ransomware attack orchestrated by the notorious LockBit group. The attack compromised the company's website, disrupting its operations and potentially exposing sensitive data.

About ACDC Express

Established in 2007, ACDC Express has grown to become a significant player in the South African electrical market. The company specializes in a comprehensive range of electrical solutions, catering to both retail customers and businesses. Their offerings include lighting, wiring, circuit breakers, and backup power systems like inverters and generators. ACDC Express operates through independently owned stores and serves a wide audience, from individual consumers to large-scale enterprises.

Headquartered in Bedfordview, Gauteng, ACDC Express employs between 201 and 500 people. The company has multiple locations across South Africa, including major cities like Johannesburg, Cape Town, and Pretoria. Known for its extensive product range and customer-centric services, ACDC Express has established itself as a one-stop shop for all electrical needs.

Attack Overview

The ransomware attack on ACDC Express was executed by the LockBit group, a highly sophisticated ransomware-as-a-service (RaaS) organization. LockBit is known for its "double extortion" tactics, in which it exfiltrates sensitive data and threatens to release it publicly if the ransom is not paid. The exact size of the data leak from ACDC Express remains unknown, but the incident highlights the growing threat of ransomware attacks on critical supply chain entities.

About LockBit Ransomware Group

Active since September 2019, LockBit has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The group exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. LockBit also performs checks to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region.

Penetration and Vulnerabilities

LockBit likely penetrated ACDC Express's systems by exploiting vulnerabilities in their network infrastructure. The group's ability to spread laterally via group policy or admin shares, combined with their use of sophisticated encryption techniques, makes them a formidable threat. ACDC Express's extensive online presence and reliance on digital operations may have made them an attractive target for the ransomware group.
