Anatomage Cyberattack: Insights on LockBit 3.0 Ransomware

Incident Date:

May 1, 2024

World map

Overview

Title

Anatomage Cyberattack: Insights on LockBit 3.0 Ransomware

Victim

Anatomage

Attacker

Lockbit3

Location

San Jose, USA

California, USA

First Reported

May 1, 2024

Anatomage Ransomware Attack by LockBit 3.0

Company Profile

Anatomage, based in Santa Clara, California, is a pioneer in the medical technology sector, specializing in 3D imaging solutions for anatomy education and clinical applications. Their flagship product, the Anatomage Table, is a life-sized, fully segmented real human 3D anatomy platform. This tool is not only a staple in educational environments but also FDA cleared for clinical use, integrating various medical imaging data. Anatomage employs approximately 138 people and has been influential in the field since its inception in 2004.

Details of the Attack

The ransomware group known as LockBit 3.0, has claimed responsibility for the recent cyberattack on Anatomage. This attack involved the deployment of ransomware that encrypted the company's data, making it inaccessible and disrupting operations. The attack was announced on their dark web leak site, indicating a serious breach of security at Anatomage.

Ransomware Group Profile

LockBit 3.0, emerging in 2022, represents the latest evolution of the LockBit ransomware family. Known for its Ransomware-as-a-Service (RaaS) model, LockBit 3.0 allows affiliates to deploy the ransomware, increasing its reach and impact. This group is notorious for its ability to execute attacks that are both modular and evasive, making detection and prevention challenging for targeted organizations.

Potential Vulnerabilities and Entry Points

Anatomage's high reliance on digital platforms for both educational and clinical tools might have exposed them to increased cybersecurity risks. The integration of various medical imaging data into their systems could also provide multiple entry points for cybercriminals. LockBit 3.0's capability to move laterally through networks and its sophisticated obfuscation techniques likely played a role in the successful penetration of Anatomage’s defenses.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.