LockBit 3.0 Ransomware Attack on Museu Paraense Emílio Goeldi
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Museu Paraense Emílio Goeldi
Victim
Museu Paraense Emílio Goeldi
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Museu Paraense Emílio Goeldi by LockBit 3.0
Victim Profile
The Museu Paraense Emílio Goeldi (MPEG) is a Brazilian research institution and museum located in Belém, Pará, Brazil. Founded in 1866, it is a federal research institution within the Brazilian Ministry of Science, Technology and Communication (MCTIC). The museum's primary focus is on the scientific study of natural and sociocultural systems in the Amazon area, contributing to the cultural memory and regional development of the region.
Company Size and Standout
The MPEG has a significant presence with a 5.4-hectare zoological and botanical park, a 10-hectare research campus, and a scientific station in the Caxiuanã national forest. It is the oldest scientific institution in the Amazon area, dedicated to the scientific study of natural and socio-cultural systems in the region.
Attack Details
The cyberattack on the Museu Paraense Emílio Goeldi by LockBit 3.0 resulted in the exfiltration of 2 GB of sensitive data, including personally identifiable information (PII) and financial data. The attackers utilized ransomware as their attack technique, encrypting files, modifying filenames, changing desktop wallpaper, and dropping a ransom note on the victim's desktop.
Industry Vulnerabilities
Being a prominent research institution, the organization holds valuable data related to biodiversity, natural sciences, and cultural heritage. This makes them a prime target for threat actors seeking to exploit sensitive information for financial gain or malicious purposes.
Ransomware Group Distinction
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. It is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features that make it harder to detect and defend against.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.