LockBit 3.0 Ransomware Attack on INCEGROUP

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on INCEGROUP

Victim

Incegroup LLC

Attacker

Lockbit3

Location

Kingstown, Saint Vincent and the Grenadines

, Saint Vincent and the Grenadines

First Reported

May 9, 2024

Ransomware Attack on INCEGROUP by LockBit 3.0

Victim Profile

INCEGROUP LLC, based in Saint Vincent and the Grenadines, is a leading engineering and database solutions company operating in the Caribbean. They specialize in generator installation, solar renewable energy, electrical design and installation, and database consultancy. The company also offers services for automating work lines to increase production efficiency and provides maintenance contracts for generators. With a professional staff of 200-500 and a commitment to innovation, it focuses on client satisfaction and adapting to market demands.

Vulnerabilities and Targeting

The company's involvement in critical infrastructure projects and their use of advanced technologies make them an attractive target for threat actors like the LockBit 3.0 ransomware group. The company's wide range of services and client base could have made them vulnerable to a ransomware attack, as cybercriminals seek to exploit weaknesses in their systems for financial gain.

Attack Details

The ransomware attack on INCEGROUP by LockBit 3.0 involved a demand for ransom with a deadline of May 23rd. Specific details about the ransom demand, exfiltrated data, and leaked data were not provided, but the urgency of the deadline indicates potential consequences for non-compliance.

LockBit 3.0 is considered one of the most dangerous ransomware threats due to its advanced features and capabilities, including lateral movement through networks and data deletion to cover tracks.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. LockBit's recent activities targeted diverse industries globally, with manufacturing companies, professional services, and the ICT sector being the most affected.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.