LockBit 3.0 Ransomware Attack on ACLA-WERKE GmbH

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on ACLA-WERKE GmbH

Victim

ACLA-WERKE GMBH

Attacker

Lockbit3

Location

Köln, Germany

, Germany

First Reported

May 9, 2024

Ransomware Attack on ACLA-WERKE GmbH by LockBit 3.0

Overview

Falling victim to a cybercrime attack orchestrated by the LockBit 3.0 ransomware group, ACLA-WERKE, a German company, encountered typical ransomware tactics where the attackers encrypted the company's data and demanded payment for its release.

Company Profile

ACLA-WERKE GmbH is headquartered in Köln, Germany. It specializes in manufacturing technical polyurethane elastomer products for the transport and materials handling sector, A. The company operates as a privately held entity in the business support services sector. With an estimated annual revenue ranging from $25-100 million, it sustains a workforce of 100-250 individuals. Renowned for its expansive product range, ACLA-WERKE GmbH produces over 20,000 distinct parts made of polyurethane for high-tech applications.

Vulnerabilities and Targeting

The significant presence of ACLA-WERKE GmbH in the manufacturing sector, coupled with its global footprint, likely attracted the attention of threat actors. Specializing in high-quality components for the automotive industry and technical polyurethane elastomer products, the company's operations present lucrative opportunities for cybercriminals seeking to exploit vulnerabilities in supply chains and critical infrastructure.

LockBit May Attacks

Part of the May 2024 offensive by LockBit 3.0, the ransomware assault on ACLA-WERKE GmbH followed the disruption of LockBit's infrastructure in February during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly resumed its operations, targeting over 50 victims within hours of reactivating its platform. The group's recent onslaughts have spanned diverse industries globally, underscoring the imperative for enhanced international cooperation in combating cybercrime effectively.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.