LockBit 3.0 Ransomware Attack on DAGMA Argentina

Incident Date:

May 9, 2024

Overview

Victim

DAGMA AR

Attacker

Lockbit3

Location

Buenos Aires, Argentina

First Reported

May 9, 2024

Ransomware Attack on DAGMA Argentina by LockBit 3.0

Company Profile and Attack Details

DAGMA Argentina, a company based in Argentina, provides IT services with a focus on security solutions and data protection. The company stands out in the industry for its commitment to offering solutions that safeguard sensitive information and enhance data security measures. DAGMA AR is a relatively small company with a team of 7 employees, operating on a smaller scale than some competitors in the industry.

The company was recently targeted by a cyberattack deploying LockBit 3.0 ransomware and faces severe consequences. The attack encrypted crucial data, potentially causing significant financial losses, reputational damage, and operational disruptions. The company's specialization in IT services, particularly in security and data protection, makes it an attractive target for ransomware attacks.

Ransomware Group Distinction

LockBit 3.0 is an evolution of the LockBit ransomware group that adopts an affiliate-based ransomware approach and introduces new features and capabilities. The group behind LockBit 3.0 actively recruits affiliates, targets a wide range of businesses and critical infrastructure organizations, and expands its attack volume across various devices and operating systems. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study, and it includes features such as lateral movement through a network and self-trace deletion to cover its tracks.

LockBit May Attacks

This attack is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced following the disruption of its infrastructure during "Operation Cronos." Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's resurgence highlights the necessity for enhanced international cooperation to effectively combat cybercrime and safeguard digital ecosystems against evolving threats.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.