LockBit 3.0 Ransomware Attack on ITSS Bilişim Hizmetleri
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on ITSS Bilişim Hizmetleri
Victim
ITSS Bilişim Hizmetleri
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on ITSS Bilişim Hizmetleri by LockBit 3.0
Victim Profile
ITSS Bilişim Hizmetleri is an information technology company based in Istanbul, Turkey. The company provides IT services and solutions to over 100 leading companies across various sectors. Their main focus is on providing contractual hardware and software maintenance services for servers, storage systems, and tape libraries. Their specialization in providing 24/7 maintenance services for a range of server systems sets them apart in the industry.
Attack Overview
ITSS Bilişim Hizmetleri was targeted by the LockBit 3.0 ransomware group, known for its advanced capabilities and evasive tactics. The attackers managed to exfiltrate 33 GB of data from the company, including financial documents and personally identifiable information. This breach poses significant risks to the company's operations and data security.
Ransomware Group Distinction
LockBit 3.0, also referred to as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and expanding its attack volume across various devices and operating systems. The ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. It is heavily obfuscated and difficult to analyze, making it a potent threat in the cybersecurity landscape.
LockBit May Attacks
This ransomware attack on ITSS Bilişim Hizmetleri is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit swiftly resumed its activities, targeting over 50 victims globally. The group's adaptability and resilience highlight the need for enhanced international cooperation and proactive cybersecurity measures to combat cybercriminal networks effectively.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.