LockBit 3.0 Ransomware Attack on Canada Development Investment Corporation

Incident Date: May 7, 2024



Canada Development Investment Corporation (CDEV)




Canada, Canada


First Reported: May 7, 2024

Ransomware Attack on Canada Development Investment Corporation by LockBit 3.0

Attack Overview

CDEV, a Canadian entity, fell victim to a cyberattack by the LockBit 3.0 ransomware group, which encrypted files, modified filenames, changed desktop wallpapers, and dropped ransom notes on victims' desktops. The ransomware's advanced features, including lateral movement capabilities and data deletion to cover tracks, make it a potent threat in the cybersecurity landscape.

Victim Profile

The Canada Development Investment Corporation (CDEV) is a Canadian Crown corporation responsible for managing investments and corporate interests held by the Government of Canada. Established in 1982, CDEV is owned in full by the Crown and is headquartered at 302-1240 Bay Street, Canada. The corporation provides specialized financial advisory services to the Government of Canada, focusing on structured financing, acquisitions, divestitures, and financial advisory.

Company Size and Industry Standing

Its holdings include subsidiary companies like Canada Hibernia Holding Corporation, Canada Eldor Inc., Canada TMP Finance Limited, and Canada Enterprise Emergency Funding Corporation. The corporation plays a crucial role in managing strategic assets for Canada and has made significant investments, including purchasing 7.9% of General Motors in 2009. Its work in supporting economic development in Quebec through the Canada Economic Development for Quebec Regions (CED) showcases its commitment to job creation, innovation, and sustainable economic growth in the region.

Vulnerabilities and Targeting

As an entity with a focus on financial management and strategic investments, CDEV may have been targeted by threat actors like the LockBit 3.0 ransomware group due to the sensitive nature of its operations and the potential for financial gain. The corporation's involvement in critical economic initiatives and its access to valuable financial data could make it an attractive target for cybercriminals seeking to extort money through ransomware attacks.

LockBit 3.0 Ransomware Group

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of the LockBit ransomware. The group is known for its advanced encryption techniques, obfuscation methods, and the ability to move laterally through networks to maximize the impact of its attacks. LockBit 3.0 has targeted a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC.

LockBit May Attacks

This attack is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.

