LockBit 3.0 Ransomware Attack on Amsoft Chile

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Amsoft Chile

Victim

Amsoft Transformacion Digital

Attacker

Lockbit3

Location

La Reina, Chile

, Chile

First Reported

May 9, 2024

Ransomware Attack on Amsoft Chile by LockBit 3.0

Victim Profile

Amsoft Chile, a private company specializing in digital transformation, fell victim to a cyberattack by the LockBit 3.0 ransomware group. The company operates in the Software sector, offering custom software solutions for businesses, including web and mobile applications. Amsoft Chile stands out for its focus on digital transformation services and has between 1 to 50 employees.

Ransomware Group Profile

The LockBit 3.0 ransomware group, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates since January 2020. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features and capabilities.

Attack and Vulnerabilities

The cyberattack on Amsoft Chile involved the encryption of data on the victim's website, making it inaccessible. The attackers likely demanded a ransom for decryption, threatening to permanently withhold access to the data until payment was made. Amsoft Chile's vulnerabilities in being targeted by threat actors may include inadequate cybersecurity measures, lack of employee training on cybersecurity best practices, and potential weaknesses in their network infrastructure. The company's focus on digital transformation services may have made them an attractive target for cybercriminals seeking valuable data for extortion.

Attack Method

LockBit 3.0 distinguishes itself by encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. Additionally, LockBit 3.0 has the ability to move laterally through a network via group policy updates and delete traces of itself to cover its tracks.

Recent Activity

Resurfacing in May 2024 after the disruption of its infrastructure in February during "Operation Cronos," LockBit 3.0 quickly targeted over 50 victims, showcasing its adaptability and global reach. Cybersecurity experts stress the importance of proactive measures and international cooperation to effectively combat such cybercriminal groups.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.