LockBit 3.0 Ransomware Attack on Garage Cretot SAS
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Garage Cretot SAS
Victim
Garage Cretot SAS
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Garage Cretot SAS by LockBit 3.0
Victim Company Profile
Garage Cretot SAS, located in France, was targeted by the LockBit 3.0 ransomware group in a recent cyberattack. The company specializes in the sale and servicing of commercial vehicles, including trucks, semi-trailers, and utility vehicles. With over 40 years of experience, Garage Cretot offers services such as sales of new and used vehicles, maintenance and repair services, and leasing options. They represent major brands like IVECO and IVECO BUS and also sell second-hand machines through the Machinetrack platform.
Ransomware Attack Details
The ransomware attack on Garage Cretot involved the exfiltration of 215 GB of data, including scans, financial records, marketing data, and potentially other sensitive information. The attackers, LockBit 3.0, did not issue a specific ransom demand but leaked a sample of the exfiltrated data.
LockBit 3.0 Ransomware Group
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting various businesses and critical infrastructure organizations. The ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. It is highly obfuscated and difficult for security researchers to analyze. LockBit 3.0 has advanced features like lateral movement through networks and self-deletion to cover its tracks.
Company Vulnerabilities
The company may have been targeted by threat actors due to the sensitive nature of the data they handle, including financial records and customer information. The company's reliance on digital systems for sales, servicing, and data management could have made them vulnerable to ransomware attacks. Additionally, the high-profile nature of their business, representing major vehicle brands and operating in the consumer services sector, could have made them a lucrative target for cybercriminals.
LockBit May Attacks
This ransomware attack on Garage Cretot SAS is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit resurfaced with increased activity, targeting over 50 victims within hours of reactivating its platform. The group's ability to regroup and strike back efficiently raises concerns about current strategies' adequacy in combating cybercrime. LockBit's recent activities have affected diverse industries globally, emphasizing the need for proactive measures and international collaboration to counter such cybercriminal networks effectively.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.