LockBit 3.0 Ransomware Attack on Electronic Maintenance Associates

Incident Date: May 8, 2024


Overview

Title: LockBit 3.0 Ransomware Attack on Electronic Maintenance Associates

Victim: Electronic Maintenance Associates

Attacker: Lockbit3

Location: Norcross, Georgia, USA

First Reported: May 8, 2024

Ransomware Attack on Electronic Maintenance Associates by LockBit 3.0

Victim Profile

Electronic Maintenance Associates (EMA Inc.) is a company based in Norcross, Georgia, specializing in energy savings solutions for medium voltage applications using Variable Frequency Drives (VFDs). They are known for their expertise in retrofitting existing applications with VFDs, focusing on energy efficiency in the HVAC market.

Company Standout

EMA Inc. stands out in the industry for their emphasis on energy efficiency in medium voltage applications through the use of VFDs. They are recognized for their troubleshooting expertise in the field, which is considered a specialized skill set.

Company Vulnerabilities

The company was targeted in a cyberattack by LockBit 3.0 ransomware. The attackers successfully exfiltrated 280 GB of data, which included sensitive information such as invoices and customers' data. A sample of the stolen data was leaked, indicating a potential data compromise. Although no specific ransom demand was made, the attack likely caused significant disruption to the company's operations. Their focus on energy savings solutions and expertise in VFDs could make them an attractive target for cybercriminals seeking valuable data or looking to disrupt critical infrastructure operations.

Ransomware Group Details

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. The group is known for its advanced capabilities, including file encryption, desktop modifications, and lateral movement within networks to cover its tracks.

LockBit May Attacks

This ransomware attack on Electronic Maintenance Associates is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's resurgence highlights the need for enhanced international cooperation and proactive measures to combat cybercrime effectively.
