LockBit 3.0 Ransomware Attack on Doxim: Industry Impact and Global Threats

Incident Date:

May 9, 2024

World map



LockBit 3.0 Ransomware Attack on Doxim: Industry Impact and Global Threats






Mississauga, Canada

, Canada

First Reported

May 9, 2024

Ransomware Attack on Doxim by LockBit 3.0

Company Profile

Doxim is a Canadian company specializing in customer communications management and engagement technology. They operate in highly regulated markets, including financial services, utilities, and healthcare. With between 500 and 999 employees, Doxim's headquarters are located in Mississauga, Canada. The company offers solutions tailored to regulated industries, emphasizing technology, best practices, and secure infrastructure.

Industry Standing and Vulnerabilities

The company stands out in its industry by providing services designed for regulated industries, ensuring compliance and secure communications. Their expertise in integrating with various data sources and core systems makes them a trusted partner for organizations seeking seamless operations.

Attack Overview

Doxim was targeted by the LockBit 3.0 ransomware group in a cyberattack. The attackers used ransomware to encrypt the company's data, likely for extortion purposes. The ransomware group's advanced infection capacities and customization options, along with its evasive and modular nature, make it challenging for organizations like Doxim to detect and defend against such attacks.

Ransomware Group Tactics

The LockBit 3.0 ransomware group, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates since January 2020. LockBit 3.0 encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes, making it a highly disruptive and dangerous ransomware threat.

LockBit May Attacks

This ransomware attack on Doxim is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure during "Operation Cronos," LockBit resurfaced with increased activity, targeting over 50 victims globally. The group's adaptability and global reach highlight the challenges faced by law enforcement in combating cybercrime effectively. LockBit's resurgence underscores the need for proactive measures, intelligence sharing, and international cooperation to address evolving threats in the cybersecurity landscape.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.