LockBit 3.0 Ransomware Attack on Electronic Maintenance Associates
Incident Date:
May 8, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Electronic Maintenance Associates
Victim
Electronic Maintenance Associates,
Attacker
Lockbit3
Location
First Reported
May 8, 2024
Ransomware Attack on Electronic Maintenance Associates by LockBit 3.0
Victim Profile
Electronic Maintenance Associates (EMA Inc.) is a company based in Norcross, Georgia, specializing in energy savings solutions for medium voltage applications using Variable Frequency Drives (VFDs). They are known for their expertise in retrofitting existing applications with VFDs, focusing on energy efficiency in the HVAC market.
Company Standout
EMA Inc. stands out in the industry for their emphasis on energy efficiency in medium voltage applications through the use of VFDs. They are recognized for their troubleshooting expertise in the field, which is considered a specialized skill set.
Company Vulnerabilities
The company was targeted in a cyberattack by LockBit 3.0 ransomware. The attackers successfully exfiltrated 280 GB of data, which included sensitive information such as invoices and customers' data. A sample of the stolen data was leaked, indicating a potential data compromise. Although no specific ransom demand was made, the attack likely caused significant disruption to the company's operations. Their focus on energy savings solutions and expertise in VFDs could make them an attractive target for cybercriminals seeking valuable data or looking to disrupt critical infrastructure operations.
Ransomware Group Details
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. The group is known for its advanced capabilities, including file encryption, desktop modifications, and lateral movement within networks to cover its tracks.
LockBit May Attacks
This ransomware attack on Electronic Maintenance Associates is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's resurgence highlights the need for enhanced international cooperation and proactive measures to combat cybercrime effectively.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.