LockBit 3.0 Ransomware Attack on Arcus S.A.

Incident Date:

May 7, 2024

Overview

Victim

Arcus S.A.

Attacker

Lockbit3

Location

Warszawa, Poland

First Reported

May 7, 2024

Ransomware Attack on Arcus S.A. by LockBit 3.0

Victim Profile

Arcus S.A. is a leading provider of solutions that streamline the processing of electronic documents in organizations. Based in Warsaw, Poland, the company has been in operation for over 35 years, supporting clients in optimizing document workflows and reducing costs through intelligent printing and document management solutions.

Company Overview

The company offers a wide range of services, including software, solutions, devices, and reference materials, and it stands out in the industry for comprehensive services that cater to various needs in the software and device sectors.

Size and Industry Standing

Arcus S.A. is a public company listed on the Warsaw Stock Exchange, with a strong presence in the Business Services sector. Its offerings have solidified its position in the industry: software and IT solutions that improve document processing efficiency, intelligent printing devices and services, and reference materials for document management.

Vulnerabilities and Attack Details

Recently, the company was targeted by the LockBit 3.0 ransomware group, known for its advanced capabilities and evasive tactics. The ransomware encrypts files, modifies filenames, changes desktop wallpaper, and drops a ransom note on the victim's desktop. LockBit 3.0 is heavily obfuscated and protected against analysis, making it challenging for security researchers to study and mitigate.

The ransomware group operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to utilize their malware for attacks. LockBit 3.0 has been used to target a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC.

LockBit May Attacks:

This attack on Arcus S.A. is part of the May 2024 attacks by LockBit 3.0, where the cybercriminal group resurfaced following the disruption of its infrastructure in February. Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, showcasing its global reach and adaptability in cybercrime activities.
