LockBit 3.0 Ransomware Attack on Amsoft Chile
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Amsoft Chile
Victim
Amsoft Transformacion Digital
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Amsoft Chile by LockBit 3.0
Victim Profile
Amsoft Chile, a private company specializing in digital transformation, fell victim to a cyberattack by the LockBit 3.0 ransomware group. The company operates in the Software sector, offering custom software solutions for businesses, including web and mobile applications. Amsoft Chile stands out for its focus on digital transformation services and has between 1 to 50 employees.
Ransomware Group Profile
The LockBit 3.0 ransomware group, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates since January 2020. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features and capabilities.
Attack and Vulnerabilities
The cyberattack on Amsoft Chile involved the encryption of data on the victim's website, making it inaccessible. The attackers likely demanded a ransom for decryption, threatening to permanently withhold access to the data until payment was made. Amsoft Chile's vulnerabilities in being targeted by threat actors may include inadequate cybersecurity measures, lack of employee training on cybersecurity best practices, and potential weaknesses in their network infrastructure. The company's focus on digital transformation services may have made them an attractive target for cybercriminals seeking valuable data for extortion.
Attack Method
LockBit 3.0 distinguishes itself by encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. Additionally, LockBit 3.0 has the ability to move laterally through a network via group policy updates and delete traces of itself to cover its tracks.
Recent Activity
Resurfacing in May 2024 after the disruption of its infrastructure in February during "Operation Cronos," LockBit 3.0 quickly targeted over 50 victims, showcasing its adaptability and global reach. Cybersecurity experts stress the importance of proactive measures and international cooperation to effectively combat such cybercriminal groups.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.