LockBit 3.0 Ransomware Attack on Museu Paraense Emílio Goeldi

Incident Date: May 9, 2024

Overview

Title: LockBit 3.0 Ransomware Attack on Museu Paraense Emílio Goeldi

Victim: Museu Paraense Emílio Goeldi

Attacker: Lockbit3

Location: Belém, Brazil

First Reported: May 9, 2024

Ransomware Attack on Museu Paraense Emílio Goeldi by LockBit 3.0

Victim Profile

The Museu Paraense Emílio Goeldi (MPEG) is a Brazilian research institution and museum located in Belém, Pará, Brazil. Founded in 1866, it is a federal research institution within the Brazilian Ministry of Science, Technology and Communication (MCTIC). The museum's primary focus is the scientific study of natural and sociocultural systems in the Amazon area, and its work contributes to the region's cultural memory and development.

Company Size and Standout

The MPEG operates a 5.4-hectare zoological and botanical park, a 10-hectare research campus, and a scientific station in the Caxiuanã national forest. It is the oldest scientific institution in the Amazon area and is dedicated to the scientific study of natural and sociocultural systems in the region.

Attack Details

The LockBit 3.0 attack on the Museu Paraense Emílio Goeldi resulted in the exfiltration of 2 GB of sensitive data, including personally identifiable information (PII) and financial data. The ransomware encrypted files, modified filenames, changed the desktop wallpaper, and dropped a ransom note on the victim's desktop.

Industry Vulnerabilities

As a prominent research institution, the organization holds valuable data related to biodiversity, natural sciences, and cultural heritage. This makes it a prime target for threat actors seeking to exploit sensitive information for financial gain or other malicious purposes.

Ransomware Group Distinction

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. It is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features that make it harder to detect and defend against.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given how lucrative ransomware has been for threat actors so far, these attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most damaging in financial and informational terms.

The site’s data is generated from the hosting choices of real-world threat actors and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.