LockBit 3.0 Ransomware Attack on Arcus S.A.
Incident Date:
May 7, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Arcus S.A.
Victim
Arcus S.A.
Attacker
Lockbit3
Location
First Reported
May 7, 2024
Ransomware Attack on Arcus S.A. by LockBit 3.0
Victim Profile
Arcus S.A. is a leading provider of solutions that streamline the processing of electronic documents in organizations. Based in Warsaw, Poland, the company has been in operation for over 35 years, supporting clients in optimizing document workflows and reducing costs through intelligent printing and document management solutions.
Company Overview
The company offers a wide range of services, including software, solutions, devices, and reference materials. The company stands out in the industry for its comprehensive services that cater to various needs in the software and device sectors.
Size and Industry Standing
Arcus S.A. is a public company listed on the Warsaw Stock Exchange, with a strong presence in the Business Services sector. The company's offerings in software and IT solutions to improve document processing efficiency, intelligent printing devices and services, and reference materials for document management have solidified its position in the industry.
Vulnerabilities and Attack Details
Recently, the company was targeted by the LockBit 3.0 ransomware group, known for its advanced capabilities and evasive tactics. The ransomware encrypts files, modifies filenames, changes desktop wallpaper, and drops a ransom note on the victim's desktop. LockBit 3.0 is heavily obfuscated and protected against analysis, making it challenging for security researchers to study and mitigate.
The ransomware group operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to utilize their malware for attacks. LockBit 3.0 has been used to target a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC.
LockBit May Attacks:
This attack on Arcus S.A. is part of the May 2024 attacks by LockBit 3.0, where the cybercriminal group resurfaced following the disruption of its infrastructure in February. Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, showcasing its global reach and adaptability in cybercrime activities.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.