LockBit 3.0 Ransomware Attack on Kimmel Corporation

Incident Date: May 8, 2024

Overview

Title: LockBit 3.0 Ransomware Attack on Kimmel Corporation
Victim: Kimmel Corporation
Attacker: Lockbit3
Location: Tiffin, USA; Ohio, USA
First Reported: May 8, 2024

Ransomware Attack on Kimmel Corporation by LockBit 3.0

Attack Overview

Kimmel Corp. was targeted in a LockBit 3.0 ransomware attack that resulted in the theft of 100 GB of sensitive data, including contracts, employee and user data, accounting data, and more. A sample of the exfiltrated data was leaked, causing significant disruption and potential data compromise for the company. The attackers did not specify a ransom demand.

Victim Profile

Kimmel Corporation, a fourth-generation family-owned and operated company, offers a range of services including uniforms, towels, and aprons for various industries. The company emphasizes providing solutions that are supplied and fresh, with a focus on maintaining a clean and safe environment for businesses. It uses radio frequency identification (RFID) chips sewn into garments for tracking purposes. The company operates primarily in the Consumer Services sector, offering uniform, mat, linen, and facility services. Kimmel Corporation also provides custom company apparel and prides itself on fulfilling its promises over its four generations of operation.

Ransomware Group Profile

The LockBit 3.0 ransomware group is an evolution of the LockBit group, known for its advanced capabilities and evasive tactics. LockBit 3.0 operates under a Ransomware-as-a-Service (RaaS) model, actively recruiting affiliates to target a wide range of businesses and critical infrastructure organizations. The ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes, making it a highly disruptive threat in the cybersecurity landscape.

Possible Penetration Methods

LockBit 3.0 distinguishes itself by its advanced features, including the ability to move laterally through a network via group policy updates and delete traces of itself to cover its tracks. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. Its modular and evasive nature makes it harder to detect and defend against, posing a significant risk to organizations like Kimmel Corporation.

LockBit May Attacks

This incident is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. These attacks spanned various sectors and countries, showcasing LockBit's global reach and adaptability.
