LockBit 3.0 Ransomware Attack on Garage Cretot SAS

Incident Date: May 9, 2024

Overview

Title: LockBit 3.0 Ransomware Attack on Garage Cretot SAS
Victim: Garage Cretot SAS
Attacker: Lockbit3
Location: LE MANS, France
First Reported: May 9, 2024

Ransomware Attack on Garage Cretot SAS by LockBit 3.0

Victim Company Profile

Garage Cretot SAS, located in France, was targeted by the LockBit 3.0 ransomware group in a recent cyberattack. The company specializes in the sale and servicing of commercial vehicles, including trucks, semi-trailers, and utility vehicles. With over 40 years of experience, Garage Cretot offers services such as sales of new and used vehicles, maintenance and repair services, and leasing options. They represent major brands like IVECO and IVECO BUS and also sell second-hand machines through the Machinetrack platform.

Ransomware Attack Details

The ransomware attack on Garage Cretot involved the exfiltration of 215 GB of data, including scans, financial records, marketing data, and potentially other sensitive information. The attackers, LockBit 3.0, did not issue a specific ransom demand but leaked a sample of the exfiltrated data.

LockBit 3.0 Ransomware Group

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting various businesses and critical infrastructure organizations. The ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. It is highly obfuscated and difficult for security researchers to analyze. LockBit 3.0 has advanced features like lateral movement through networks and self-deletion to cover its tracks.

Company Vulnerabilities

The company may have been targeted by threat actors due to the sensitive nature of the data it handles, including financial records and customer information. Its reliance on digital systems for sales, servicing, and data management could have made it vulnerable to ransomware attacks. Additionally, the high-profile nature of its business, representing major vehicle brands and operating in the consumer services sector, could have made it a lucrative target for cybercriminals.

LockBit May Attacks

This ransomware attack on Garage Cretot SAS is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit resurfaced with increased activity, targeting over 50 victims within hours of reactivating its platform. The group's ability to regroup and strike back efficiently raises concerns about whether current strategies for combating cybercrime are adequate. LockBit's recent activities have affected diverse industries globally, emphasizing the need for proactive measures and international collaboration to counter such cybercriminal networks effectively.
