LockBit 3.0 Ransomware Attack on Elements Ingenieries

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Elements Ingenieries

Victim

Elements Ingenieries

Attacker

Lockbit3

Location

Paris, France

, France

First Reported

May 9, 2024

Ransomware Attack on Elements Ingenieries by LockBit 3.0

Victim Profile

Elements Ingenieries, formerly known as RFR éléments, is a well-established player in the fields of environment, energy, and fluids. Founded in 2004, the company focuses on developing excellent engineering solutions for constructing energy-efficient and technically reliable buildings that are adaptable to new contexts, emphasizing resilience in their projects.

Company Standout

Elements Ingenieries stands out for its commitment to environmental sustainability and the urgent need for ecological transition. The company views each project as an opportunity to excel in engineering, creating buildings that are not only energy-efficient but also adaptable and resilient to future challenges.

Attack Details

Elements Ingenieries was targeted by the LockBit 3.0 cybercrime group in a ransomware attack. The attackers exfiltrated 73 GB of data, including financial records, employees' data, invoices, and likely other sensitive information. While no specific ransom demand was issued, the attackers leaked a sample of the exfiltrated data, posing a significant threat to the company's operations and reputation.

Vulnerabilities

The company, being a recognized actor in the fields of environment, energy, and fluids, may have been targeted by threat actors due to the sensitive nature of their work. Their focus on ecological transitions and sustainable engineering solutions could make them a prime target for cybercriminals looking to exploit valuable data.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos." Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability. The group's resurgence prompts scrutiny of law enforcement's effectiveness in combating cybercrime and highlights the necessity for enhanced international cooperation to tackle such syndicates effectively.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.