LockBit 3.0 Ransomware Attack on Ramfoam

Incident Date:

May 23, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Ramfoam

Victim

Ramfoam

Attacker

Lockbit3

Location

Oldbury, United Kingdom

, United Kingdom

First Reported

May 23, 2024

LockBit 3.0 Ransomware Attack on Ramfoam

Overview of the Attack

Ramfoam Ltd, a prominent UK-based manufacturer specializing in foam products, has fallen victim to a sophisticated ransomware attack orchestrated by the LockBit 3.0 group. The attack was publicly claimed on LockBit’s dark web leak site, with sensitive company data being exfiltrated and a ransom demand imposed. Specific details about the ransom amount or the exact data compromised have not been disclosed.

About Ramfoam

Ramfoam Ltd is a leading converter and supplier of polyurethane and polyethylene foam in Europe. The company provides a wide range of foam products, including mattresses, pillows, and cushions, and offers custom foam cutting services. With a workforce of 51-200 employees and an estimated revenue of $9 million, Ramfoam serves various industries, including retail packaging and insulation for planes. The company prides itself on being Europe's leading foam converter, known for its extensive range of foam materials and conversion options.

LockBit 3.0 Ransomware Group

LockBit 3.0, also known as LockBit Black, is an advanced variant of the LockBit ransomware family, operating under a Ransomware-as-a-Service (RaaS) model. This model allows affiliates to use the ransomware to conduct attacks, significantly expanding its reach. LockBit 3.0 is known for its enhanced encryption capabilities, obfuscation techniques to avoid detection, and features such as lateral movement through networks and deletion of system logs. These capabilities make it a highly effective and dangerous threat to organizations worldwide.

Details of the Attack

The LockBit 3.0 attack on Ramfoam was likely facilitated through high-volume phishing campaigns, as observed in similar attacks. These campaigns often involve sending emails with malicious attachments that, once opened, deploy the ransomware payload. LockBit 3.0's advanced features enable it to encrypt files, modify filenames, and place a ransom note on the victim's desktop. The ransomware also employs strong encryption algorithms, making it nearly impossible to decrypt files without paying the ransom.

One of the unique aspects of LockBit 3.0 is its double extortion tactic, where the attackers threaten to release stolen data publicly if the ransom is not paid. This method increases the pressure on victims to comply with the demands, as the potential data leak could have severe reputational and financial consequences.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.