Analysis of LockBit 3.0 Ransomware Attack on Governmental Department of Insurance, Securities and Banking

Incident Date:

April 18, 2024

Overview

Victim

Department of Insurance, Securities and Banking

Attacker

Lockbit3

Location

Washington, USA

District of Columbia, USA

First Reported

April 18, 2024

Analysis of the LockBit 3.0 Ransomware Attack on the Department of Insurance, Securities and Banking

Victim Overview

The Department of Insurance, Securities and Banking (DISB), as part of the District of Columbia government, plays a crucial role in regulating financial services entities, including insurance companies, securities firms, and banking institutions. The DISB's primary function is to protect the interests of consumers and enhance the financial stability of the market through regulatory oversight. The department's website serves as a critical portal for information dissemination and service provision to local businesses and the general public.

Attack Overview

The LockBit 3.0 ransomware group, also known as LockBit Black, has claimed responsibility for a cyberattack against the DISB. According to the group's dark web leak site, it has threatened to release a data trove amounting to 800 GB, which includes sensitive data extracted from multiple sources, including MSSQL databases. The initial leak involves a 1 GB sample intended to pressure the DISB into meeting the group's demands. This attack underscores the increasing threat posed by ransomware groups targeting governmental entities.

Implications

The potential release of sensitive data could have significant economic and security implications, not only for the District of Columbia but also for the entities regulated by the DISB. The data in question could include personal information of residents, confidential business information, and details critical to the financial and securities markets. Such exposure could lead to financial losses, identity theft, and a loss of public trust in the affected institutions.

Vulnerabilities and Target Profile

Governmental entities like the DISB are attractive targets for cybercriminals due to the vast amounts of sensitive data they hold. Additionally, these institutions often face challenges in maintaining up-to-date cybersecurity defenses due to budgetary constraints or bureaucratic delays in updating IT infrastructure. The high-profile nature of the data also makes them prime targets for ransomware attacks aimed at extracting large ransoms.
