LockBit 3.0 Ransomware Attack on Agencavi Systems

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Agencavi Systems

Victim

Agencavi Systems

Attacker

Lockbit3

Location

Liscate, Italy

, Italy

First Reported

May 9, 2024

Ransomware Attack on Agencavi Systems by LockBit 3.0

Victim Profile

Agencavi Systems, an Italian company located in Italy, serves as a partner for TE Connectivity's Intercontec brand. The company specializes in providing comprehensive solutions related to TE-Intercontec connectors, offering detailed documentation, a configurator tool, and technical support for industrial applications.

Ransomware Attack Details

The LockBit 3.0 ransomware group targeted Agencavi Systems in a cyberattack, exfiltrating 19 GB of sensitive data, including client and employee information, invoices, and email correspondence. The attackers utilized ransomware tactics to infiltrate the company's systems, although the specific ransom demand remains undisclosed. A sample of the exfiltrated data was leaked by the attackers.

Company Vulnerabilities

Agencavi Systems' involvement in the manufacturing sector and its partnership with TE Connectivity's Intercontec brand may have made it a lucrative target for threat actors like LockBit 3.0. The company's access to valuable industrial data and technical information could have attracted cybercriminals seeking to exploit such assets for financial gain.

Ransomware Group Profile

The LockBit 3.0 ransomware group is considered one of the most dangerous and disruptive ransomware threats, with advanced features like file encryption, obfuscation, lateral movement capabilities, and a modular design that makes it hard to detect and defend against.

This attack on Agencavi Systems is part of the May 2024 attacks by LockBit 3.0, where the cybercriminal group resurfaced following the disruption of its infrastructure in February. Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the challenges in combating cybercrime effectively.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.