LockBit 3.0 Ransomware Attack on Eviivo Limited
Incident Date:
May 7, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Eviivo Limited
Victim
Eviivo Limited
Attacker
Lockbit3
Location
First Reported
May 7, 2024
Ransomware Attack on Eviivo Limited by LockBit 3.0
Victim Profile
Eviivo Limited, a leading hospitality software company based in the United Kingdom, was recently targeted in a cyberattack by the LockBit 3.0 ransomware group. Eviivo specializes in providing software solutions for independent accommodations, helping manage guests, bookings, and online travel agencies like Airbnb, Booking.com, Expedia, and Vrbo.
Company Size and Standout Features
Eviivo Limited, the legal entity associated with Eviivo, had 473 employees as of December 23, 2003, and generated $17.9 million in revenue as of March 31, 2017. The company stands out in the hospitality tech industry for its innovative functionality and improved booking management experience, being the first all-in-one booking management platform for independent accommodation providers.
Vulnerabilities and Attack Details
LockBit 3.0, a Ransomware-as-a-Service (RaaS) group known for its advanced capabilities, targeted Eviivo Limited in a recent cyberattack. The ransomware encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. LockBit 3.0 is heavily obfuscated and protected against analysis, making it challenging for security researchers to study.
The LockBit ransomware group operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to use their malware for attacks. LockBit 3.0 has been used to target a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC. Cybersecurity agencies consider LockBit 3.0 to be more "modular and evasive" than previous ransomware variants, making it harder to detect and defend against.
LockBit May Attacks
This is part of the May 2024 attacks by LockBit3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach showcase the challenges in combating cybercrime effectively.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.