LockBit 3.0 Ransomware Attack on Peninsula Crane & Rigging

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Peninsula Crane & Rigging

Victim

Peninsula Crane & Rigging

Attacker

Lockbit3

Location

San Jose, USA

California, USA

First Reported

May 9, 2024

Ransomware Attack on Peninsula Crane & Rigging by LockBit 3.0

Victim Profile

Peninsula Crane & Rigging, a family-owned business operating in the Construction sector, provides specialized heavy rigging services across Northern California and Nevada. Established in 1974, the company offers general and specialty hoisting, complete rigging and millwright services, and steel erection.

The company stands out for its extensive experience in the industry, providing reliable crane services, trucking, machinery moving, seismic bracing, and warehousing. They have built a reputation for their expertise and quality service, evident from their long-standing presence in the region.

Attack Details

The cybercrime attack on Peninsula Crane & Rigging by LockBit 3.0 involved the exfiltration of 52 GB of sensitive data, including PII, insurance documents, contracts, and financial data. The attackers leaked a sample of the stolen data, indicating their intention to expose the compromised information. The ransom demand amount was not specified, suggesting a direct communication with the victim regarding ransom may not have occurred.

Company Vulnerabilities

Being a well-established company with a long history of operation and a wide range of services, Peninsula Crane & Rigging may have become a target for threat actors due to the valuable data they possess, including personally identifiable information, insurance documents, contracts, and financial data. Their prominence in the industry and the critical services they provide make them an attractive target for ransomware attacks.

Ransomware Group Distinction

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from the previous LockBit versions. It is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features such as file encryption, desktop modifications, and lateral movement capabilities within networks. The group operates under a RaaS model, allowing other cybercriminals to use their malware for attacks.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.