LockBit 3.0 Ransomware Attack on Peninsula Crane & Rigging
Incident Date:
May 9, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Peninsula Crane & Rigging
Victim
Peninsula Crane & Rigging
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Peninsula Crane & Rigging by LockBit 3.0
Victim Profile
Peninsula Crane & Rigging, a family-owned business operating in the Construction sector, provides specialized heavy rigging services across Northern California and Nevada. Established in 1974, the company offers general and specialty hoisting, complete rigging and millwright services, and steel erection.
The company stands out for its extensive experience in the industry, providing reliable crane services, trucking, machinery moving, seismic bracing, and warehousing. They have built a reputation for their expertise and quality service, evident from their long-standing presence in the region.
Attack Details
The cybercrime attack on Peninsula Crane & Rigging by LockBit 3.0 involved the exfiltration of 52 GB of sensitive data, including PII, insurance documents, contracts, and financial data. The attackers leaked a sample of the stolen data, indicating their intention to expose the compromised information. The ransom demand amount was not specified, suggesting a direct communication with the victim regarding ransom may not have occurred.
Company Vulnerabilities
Being a well-established company with a long history of operation and a wide range of services, Peninsula Crane & Rigging may have become a target for threat actors due to the valuable data they possess, including personally identifiable information, insurance documents, contracts, and financial data. Their prominence in the industry and the critical services they provide make them an attractive target for ransomware attacks.
Ransomware Group Distinction
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from the previous LockBit versions. It is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features such as file encryption, desktop modifications, and lateral movement capabilities within networks. The group operates under a RaaS model, allowing other cybercriminals to use their malware for attacks.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.