LockBit 3.0 Ransomware Attack on Agencavi Systems
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Agencavi Systems
Victim
Agencavi Systems
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Agencavi Systems by LockBit 3.0
Victim Profile
Agencavi Systems, an Italian company located in Italy, serves as a partner for TE Connectivity's Intercontec brand. The company specializes in providing comprehensive solutions related to TE-Intercontec connectors, offering detailed documentation, a configurator tool, and technical support for industrial applications.
Ransomware Attack Details
The LockBit 3.0 ransomware group targeted Agencavi Systems in a cyberattack, exfiltrating 19 GB of sensitive data, including client and employee information, invoices, and email correspondence. The attackers utilized ransomware tactics to infiltrate the company's systems, although the specific ransom demand remains undisclosed. A sample of the exfiltrated data was leaked by the attackers.
Company Vulnerabilities
Agencavi Systems' involvement in the manufacturing sector and its partnership with TE Connectivity's Intercontec brand may have made it a lucrative target for threat actors like LockBit 3.0. The company's access to valuable industrial data and technical information could have attracted cybercriminals seeking to exploit such assets for financial gain.
Ransomware Group Profile
The LockBit 3.0 ransomware group is considered one of the most dangerous and disruptive ransomware threats, with advanced features like file encryption, obfuscation, lateral movement capabilities, and a modular design that makes it hard to detect and defend against.
This attack on Agencavi Systems is part of the May 2024 attacks by LockBit 3.0, where the cybercriminal group resurfaced following the disruption of its infrastructure in February. Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the challenges in combating cybercrime effectively.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.