LockBit 3.0 Ransomware Attack on CCI Aix-Marseille-Provence
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on CCI Aix-Marseille-Provence
Victim
CCI Aix-Marseille-Provence
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on CCI Aix-Marseille-Provence by LockBit 3.0
Company Profile
The Chamber of Commerce and Industry of Marseille Provence (CCIMP) is an organization that supports and promotes businesses in the Marseille Provence region of France. They provide a range of services to help businesses grow and succeed, including networking opportunities, business development support, and advocacy on behalf of the business community. The company is associated with numerous organizations like Euroméditerranée, the Port of Marseille Fos, and ITER, among others. CCIMP is a significant inward investment agency attracting between 60 and 80 companies annually. The company is located in the Greater Marseille Metropolitan Area.
Attack Details
The ransomware group LockBit 3.0 has claimed an attack on CCI Aix-Marseille-Provence, a significant inward investment agency in the Marseille Provence region. The attack targeted the company's systems, encrypting files, modifying filenames, and dropping a ransom note demanding payment for decryption. The advanced capabilities of LockBit 3.0 make it a dangerous threat to organizations, including those in critical infrastructure sectors.
Company Vulnerabilities
Due to the nature of their operations and the valuable services they provide to businesses in the Marseille Provence region, CCIMP may be targeted by threat actors seeking to disrupt their activities or extort ransom payments. Their involvement in various professional networks and partnerships could make them a prime target for cybercriminals looking to exploit vulnerabilities in their systems.
LockBit May Attacks
This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos." Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.