LockBit 3.0 Ransomware Attack on Collège Sainte Marie Elven

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Collège Sainte Marie Elven

Victim

College Sainte Marie Elven

Attacker

Lockbit3

Location

Elven, France

, France

First Reported

May 9, 2024

Ransomware Attack on Collège Sainte Marie Elven by LockBit 3.0

Company Profile

Collège Sainte Marie Elven is a private secondary school deeply rooted in the Elven community. The school caters to 421 students across 16 classes, with a team of 32 teachers and 10 staff members. It offers diverse pedagogy tailored to individual needs and abilities, providing specific support for students with particular profiles, evening study assistance, and a range of extracurricular activities promoting cultural, scientific, and professional exploration. The school stands out for its commitment to guiding students towards excellence.

Attack Details

The cyberattack on Sainte Marie Elven College in France was carried out by the LockBit 3.0 ransomware. The perpetrators managed to extract approximately 6 GB of data, comprising personally identifiable information (PII) and invoices. Some of the pilfered data was made public. Given the sensitivity of student and staff information, Collège Sainte Marie Elven may have vulnerabilities in its IT infrastructure. Educational institutions, constrained by limited cybersecurity resources, frequently become prime targets for malicious actors aiming to capitalize on weaknesses in their systems.

Ransomware Group Distinction

LockBit 3.0 distinguishes itself by being an evolution of the LockBit group, introducing new features and capabilities to enhance its infection capacities and customization options. The group operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to use their malware for attacks. LockBit 3.0 has been known to target a wide range of businesses and critical infrastructure organizations globally, showcasing its advanced capabilities and reach.

LockBit May Attacks

In May 2024, LockBit 3.0 resurfaced with vigor following the disruption of its infrastructure during "Operation Cronos". Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the challenges in combating cybercrime effectively, emphasizing the need for enhanced international cooperation and proactive cybersecurity measures.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.