LockBit 3.0 Ransomware Attack on Alian Plastics SA

Incident Date: May 9, 2024

Overview

Title: LockBit 3.0 Ransomware Attack on Alian Plastics SA

Victim: Alian Plastics SA

Attacker: Lockbit3

Location: Santa Catarina, Mexico

First Reported: May 9, 2024

Ransomware Attack on Alian Plastics SA by LockBit 3.0

Victim Company Profile

Alian Plastics SA, based in Monterrey, Mexico, is a private entity with over 25 years of experience in providing comprehensive solutions globally through plastic injection molding and secondary operations. It is equipped to supply plastic components and meet assembly needs. Alian Plastics SA is part of Al Kathiri Holding Company, which is involved in managing subsidiaries, owning industrial property rights, and increasing its capital over the years. The CEO of Al Kathiri Holding Company is Meshal Mohammed Nasser Al Kathiri, who holds a Bachelor's degree in Marine and Military Sciences.

Ransomware Attack Details

Alian Plastics fell victim to a cyberattack perpetrated by the LockBit 3.0 ransomware group. The attackers employed ransomware techniques to compromise Alian's systems, resulting in the exfiltration of 166 GB of sensitive data, including invoices, banking and financial data, and more. While the specific ransom demand was not disclosed, the attackers leaked a sample of the exfiltrated data.

LockBit 3.0 Ransomware Group

The LockBit 3.0 ransomware group is an evolution of the LockBit group, known for its Ransomware-as-a-Service (RaaS) model. LockBit 3.0, also known as LockBit Black, is considered one of the most dangerous and disruptive ransomware threats currently active. It encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. The ransomware is heavily obfuscated and protected against analysis, making it difficult for security researchers to study.

LockBit May Attacks

In May 2024, Alian Plastics fell victim to a cyberattack orchestrated by the LockBit 3.0 ransomware group. Utilizing sophisticated ransomware tactics, the attackers breached the company's systems, compromising 166 GB of crucial data encompassing invoices, banking details, and financial records. Though the specific ransom demand remained undisclosed, the attackers issued a warning by releasing a portion of the pilfered information.
