LockBit 3.0 Ransomware Attack on Commonwealth Fund Services

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Commonwealth Fund Services

Victim

Commonwealth Fund Services, Richmond Virginia

Attacker

Lockbit3

Location

Richmond, USA

Virginia, USA

First Reported

May 9, 2024

Ransomware Attack on Commonwealth Fund Services by LockBit 3.0

Company Profile

Commonwealth Fund Services, based in Richmond, Virginia, operates in the finance sector, providing traditional mutual fund and exchange-traded fund services. The company stands out in the industry due to its comprehensive solutions for the fund industry, including fund accounting, transfer agency, administration, compliance, and distribution services. Commonwealth Fund Services differentiates itself through its experienced management team that offers customized solutions at competitive prices.

Attack and Vulnerabilities

Commonwealth Fund Services was targeted in a cyber attack by the LockBit 3.0 cybercrime group. The company's vulnerabilities in being targeted by threat actors lie in the sensitive financial data they handle, making them an attractive target for ransomware groups like LockBit 3.0. Their extensive operations and client base could also make them susceptible to cyber attacks.

Ransomware Group Overview

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that evolved from the LockBit ransomware group. It has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations globally. LockBit 3.0 distinguishes itself through its advanced features, including file encryption, desktop modifications, and the ability to move laterally through networks.

LockBit May Attacks

This ransomware attack on Commonwealth Fund Services is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit resurfaced with increased activity, targeting over 50 victims within hours of reactivating its platform. The group's global reach and adaptability have raised concerns about law enforcement's effectiveness in combating cybercrime.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.