HTC Global Services Hit by LockBit 3.0 Ransomware

Incident Date:

May 7, 2024

World map



HTC Global Services Hit by LockBit 3.0 Ransomware


HTC Global Services




Troy, USA

Michigan, USA

First Reported

May 7, 2024

Ransomware Attack on HTC Global Services by LockBit 3.0

Attack Overview

A leading global digital services and solutions provider established in 1990 and headquartered in Troy, Michigan, HTC Global Services, fell victim to a cyberattack by the LockBit 3.0 ransomware group. The company operates across North America, Europe, Asia Pacific, the Middle East, and India, offering expertise in legacy and emerging digital technologies to deliver transformative outcomes for clients, including Fortune 1000 companies.

Company Overview

HTC Global Services is a global provider of Information Technology and Business Process Services (BPS) with a focus on maximizing client returns by using innovative technology solutions. The company partners with healthcare organizations to support their initiatives by integrating and optimizing healthcare industry solutions, providing cost containment, and improving operational efficiencies.


Being a prominent player in the digital services industry, HTC Global Services, may have been targeted by threat actors due to its extensive client base, global presence, and valuable data assets. The company's focus on healthcare services and technology solutions could have made it an attractive target for cybercriminals seeking to exploit sensitive information for financial gain.

LockBit 3.0 Ransomware Group

The LockBit 3.0 ransomware group is an evolution of the LockBit group, known for its advanced encryption techniques and obfuscation methods. LockBit 3.0 operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to use their malware for attacks. The group has been actively recruiting affiliates and expanding its attack volume across various devices and operating systems, making it a significant threat in the cybersecurity landscape.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced following the disruption of its infrastructure during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the need for enhanced international cooperation to combat cybercrime effectively.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.