LockBit 3.0 Ransomware Attack on Skanlog AV

Incident Date:

May 8, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Skanlog AV

Victim

Skanlog AV

Attacker

Lockbit3

Location

Oslo, Norway

, Norway

First Reported

May 8, 2024

Ransomware Attack on Skanlog AV by LockBit 3.0

Victim Profile

Skanlog AS, a Norwegian transportation and logistics company based in Langå, Norway, has fallen victim to a cyberattack by the LockBit 3.0 ransomware group. Skanlog is a leading independent third-party logistics (3PL) company in Scandinavia, providing comprehensive supply chain management solutions to various industries. The company's core businesses include beverages and white goods, with a strong presence in Denmark, Sweden, Norway, and Finland.

The company specializes in providing transportation and logistics services to various industries. While the exact company size and revenue are not provided in the available information, Skanlog AS is registered as a company in Norway and has been mentioned as a transportation provider for several companies.

Attack Details

Skanlog, a company based in Denmark, became a target of a cyberattack by the LockBit 3.0 ransomware group. The ransomware encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. LockBit 3.0 is heavily obfuscated and protected against analysis, making it difficult for security researchers to study. The ransomware has features like lateral movement through a network and the ability to delete traces of itself to cover its tracks.

h2>LockBit May Attacks

LockBit 3.0, a cybercriminal group, resurfaced in May 2024 following the disruption of its infrastructure in February during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach were evident in the diverse sectors and countries affected by its ransomware attacks. LockBit's resurgence highlights the need for enhanced international cooperation and proactive cybersecurity measures to combat such persistent threats effectively.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.