LockBit 3.0 Ransomware Attack on Grand Indonesia

Incident Date: May 7, 2024

Overview

Title: LockBit 3.0 Ransomware Attack on Grand Indonesia

Victim: Grand Indonesia

Attacker: Lockbit3

Location: Central Jakarta, Indonesia

First Reported: May 7, 2024

Ransomware Attack on Grand Indonesia by LockBit 3.0

Attack and Company Overview

Grand Indonesia, a premium shopping mall located in Central Jakarta, Indonesia, was targeted in a cyberattack by the LockBit 3.0 ransomware group. The mall is owned by PT. Djarum, a subsidiary of the Djarum Group, and is managed by PT. Grand Indonesia. The complex consists of a shopping mall, office tower, hotel, and serviced residential tower, offering a wide range of fashion apparel, restaurants, and entertainment options.

Company Size and Industry Standing

Grand Indonesia is a significant player in the retail sector, with a total area of approximately 263,226 square meters and over 140,000 square meters of leasable floor space. The mall hosts international brands, anchors like Seibu Department Store and CGV Cinemas, and various dining options, making it a popular destination for both locals and tourists.

Vulnerabilities and Targeting

As a high-profile retail complex, Grand Indonesia stands out in its industry due to its size, diverse offerings, and central location. These factors may have made it an attractive target for threat actors like the LockBit 3.0 ransomware group. The group is known for its advanced capabilities, including file encryption, obfuscation, lateral movement within networks, and covering its tracks effectively.

Ransomware Group Distinctions

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. It has been actively recruiting affiliates and expanding its attack volume across various devices and operating systems. The ransomware is highly obfuscated, making it challenging for security researchers to analyze, and it has been used to target a wide range of organizations globally, including major companies like Boeing and ICBC.

LockBit May Attacks

This incident is part of the May 2024 attacks by LockBit 3.0, in which the group resurfaced following the disruption of its infrastructure in February. Despite law enforcement efforts, LockBit swiftly targeted over 50 victims, showcasing its global reach and adaptability. The group's resurgence highlights the need for enhanced international cooperation and proactive cybersecurity measures to combat cybercrime effectively.
