LockBit 3.0 Ransomware Attack on Moga International Ltd.
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Moga International Ltd.
Victim
Moga International Ltd.
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Moga International Ltd. by LockBit 3.0
Victim Profile
Moga International Ltd., operating under the brand name Mogaisrael, is a family-owned private company based in Israel. They are the leading importer of high-quality and Kosher raw materials for the food industry in Israel. The company specializes in dried vegetables, fruits, spices, and food additives, catering to various industries such as food, dairy farms, and meat processing.
Company Standout
Moga International stands out for its commitment to providing a winning combination of quality and Kashrut solutions, including for Passover, tailored to the unique needs of each client. They collaborate with Kashrut institutions in Israel and worldwide to ensure the highest standards.
Attack and Vulnerabilities
The cyberattack on Moga International by LockBit 3.0 involved the use of ransomware to compromise the victim's systems. Instead of demanding a ransom for decryption, the attacker fully published leaked data, including sensitive information like agreements, financial data, and personally identifiable information. This data exposure poses significant risks to the company, its clients, and stakeholders.
Being a prominent importer of high-quality and Kosher raw materials, Moga International may have been targeted by threat actors due to the sensitive nature of the data they handle. The company's reputation and relationships with clients could be at risk due to the exposure of this sensitive information.
Ransomware Group Details
The LockBit 3.0 ransomware group, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates since January 2020. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features like file encryption, desktop modifications, and lateral movement through networks.
LockBit May Attacks
This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group, resurfaced with vigor following the disruption of its infrastructure during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.