LockBit 3.0 Ransomware Attack on Ora, Inc.

Incident Date:

May 7, 2024

World map



LockBit 3.0 Ransomware Attack on Ora, Inc.


Ora, Inc.




Andover, USA

Massachusetts, USA

First Reported

May 7, 2024

Ransomware Attack on Ora, Inc. by LockBit 3.0

Victim Company Profile

Ora, Inc. is a prominent full-service ophthalmic drug and device development firm that has been in operation since 1977. They are known for their expertise in bringing new products from concept to market efficiently, with a focus on ophthalmic care, contract research, clinical research, regulatory affairs, and clinical studies. Ora, Inc. stands out as a leader in the industry, having helped clients secure over 85 product approvals and boasting a team of experienced ophthalmic experts, R&D professionals, and management executives. The company operates under the domain oraclinical.com and is recognized for its contributions to pharmaceutical manufacturing, drug research, and various healthcare sectors. In 2024, Ora, Inc. reported an annual revenue of $77.6 million, showcasing its financial strength and success in the industry.

Company Vulnerabilities

The firm may have been targeted by threat actors due to its significant presence in the ophthalmic drug and device development sector. The company's valuable intellectual property, research data, and client information could have made it an attractive target for cybercriminals. Additionally, the company's large workforce of 552 employees and global operations may have provided multiple entry points for attackers to exploit.

Ransomware Group LockBit 3.0

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. This ransomware group has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features such as file encryption, desktop modifications, and the ability to move laterally through networks.

LockBit May Attacks

This ransomware attack on Ora, Inc. is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit resurfaced with increased activity, targeting over 50 victims within hours of reactivating its platform. The group's resurgence highlights the need for enhanced international cooperation to combat cybercrime effectively. LockBit's recent activities have targeted various industries globally, emphasizing the importance of proactive measures and collaborative intelligence sharing to counter such threats.

Overall, the ransomware attack on Ora, Inc. by LockBit 3.0 highlights the increasing sophistication and danger posed by ransomware groups in targeting organizations across various industries.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.