LockBit 3.0 Ransomware Attack on Ramfoam

Overview of the Attack

Ramfoam Ltd, a prominent UK-based manufacturer specializing in foam products, has fallen victim to a sophisticated ransomware attack orchestrated by the LockBit 3.0 group. The attack was publicly claimed on LockBit’s dark web leak site, with sensitive company data being exfiltrated and a ransom demand imposed. Specific details about the ransom amount or the exact data compromised have not been disclosed.

About Ramfoam

Ramfoam Ltd is a leading converter and supplier of polyurethane and polyethylene foam in Europe. The company provides a wide range of foam products, including mattresses, pillows, and cushions, and offers custom foam cutting services. With a workforce of 51-200 employees and an estimated revenue of $9 million, Ramfoam serves various industries, including retail packaging and insulation for planes. The company prides itself on being Europe's leading foam converter, known for its extensive range of foam materials and conversion options.

LockBit 3.0 Ransomware Group

LockBit 3.0, also known as LockBit Black, is an advanced variant of the LockBit ransomware family, operating under a Ransomware-as-a-Service (RaaS) model. This model allows affiliates to use the ransomware to conduct attacks, significantly expanding its reach. LockBit 3.0 is known for its enhanced encryption capabilities, obfuscation techniques to avoid detection, and features such as lateral movement through networks and deletion of system logs. These capabilities make it a highly effective and dangerous threat to organizations worldwide.

Details of the Attack

The LockBit 3.0 attack on Ramfoam was likely facilitated through high-volume phishing campaigns, as observed in similar attacks. These campaigns often involve sending emails with malicious attachments that, once opened, deploy the ransomware payload. LockBit 3.0's advanced features enable it to encrypt files, modify filenames, and place a ransom note on the victim's desktop. The ransomware also employs strong encryption algorithms, making it nearly impossible to decrypt files without paying the ransom.

One of the unique aspects of LockBit 3.0 is its double extortion tactic, where the attackers threaten to release stolen data publicly if the ransom is not paid. This method increases the pressure on victims to comply with the demands, as the potential data leak could have severe reputational and financial consequences.

Sources

• Proofpoint - Security Brief on LockBit Black
• CISA - Stop Ransomware: LockBit 3.0
• SonicWall - LockBit 3.0 'Black' Targets Large Corps
• Cybersecurity News - Hackers Customize LockBit 3.0 Ransomware
• Barracuda - The Rise and Fall of LockBit Ransomware