Cybersecurity Breach: LockBit 3.0 Ransomware Attack on Sagacious Research Private Limited

Incident Date:

April 18, 2024

World map



Cybersecurity Breach: LockBit 3.0 Ransomware Attack on Sagacious Research Private Limited


Sagacious Research Private Limited




Gurugram, India

, India

First Reported

April 18, 2024

Ransomware Attack on Sagacious Research Private Limited by LockBit 3.0

Company Overview

Sagacious Research Private Limited, incorporated on February 29, 2008, is a prominent player in the intellectual property (IP) research and consulting sector. The company specializes in patent research, intellectual property research, patent litigation, and patent drafting solutions. With a revenue range between INR 1 crore and 100 crores for the fiscal year ending March 31, 2023, Sagacious Research has shown robust financial growth, with a 36.48% increase in EBITDA and a 38.42% rise in book net worth over the previous year.

The firm employs between 201 and 500 individuals across its global offices in India, the USA, China, and Canada, positioning it as a significant entity with a diverse workforce and extensive operational reach.

Ransomware Attack Details

The LockBit 3.0 ransomware group, also known as LockBit Black, has claimed responsibility for a cyberattack on Sagacious Research Private Limited. This attack resulted in the exfiltration of approximately 4.4 terabytes of sensitive data, including customer patents, drawings, and confidential correspondence. The compromised data encompasses a wide array of documents from cloud storage, NDA/restricted files, employee computer files, backups, financial records, and detailed business processes.


The breach exposes significant vulnerabilities within Sagacious Research's cybersecurity measures, particularly in protecting intellectual property and sensitive client information. The scale of the data breach and the nature of the stolen documents could potentially lead to substantial financial and reputational damage, affecting client trust and competitive positioning in the IP research and consulting industry.

Ransomware Group Profile

LockBit 3.0, an evolution of the earlier LockBit ransomware iterations, operates under a Ransomware-as-a-Service (RaaS) model. This group is known for its aggressive targeting tactics and has been involved in numerous high-profile ransomware attacks globally. The ransomware is designed to encrypt files, alter filenames, change desktop wallpapers, and leave a ransom note, making it particularly disruptive.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.