LockBit 3.0 Ransomware Attack on Skanlog AV
Incident Date:
May 8, 2024
Overview
Title
LockBit 3.0 Ransomware Attack on Skanlog AV
Victim
Skanlog AV
Attacker
Lockbit3
Location
First Reported
May 8, 2024
Ransomware Attack on Skanlog AV by LockBit 3.0
Victim Profile
Skanlog AS, a Norwegian transportation and logistics company based in Langå, Norway, has fallen victim to a cyberattack by the LockBit 3.0 ransomware group. Skanlog is a leading independent third-party logistics (3PL) company in Scandinavia, providing comprehensive supply chain management solutions to various industries. The company's core businesses include beverages and white goods, with a strong presence in Denmark, Sweden, Norway, and Finland.
The company specializes in providing transportation and logistics services to various industries. While the exact company size and revenue are not provided in the available information, Skanlog AS is registered as a company in Norway and has been mentioned as a transportation provider for several companies.
Attack Details
Skanlog, a company based in Denmark, became a target of a cyberattack by the LockBit 3.0 ransomware group. The ransomware encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. LockBit 3.0 is heavily obfuscated and protected against analysis, making it difficult for security researchers to study. The ransomware has features like lateral movement through a network and the ability to delete traces of itself to cover its tracks.
h2>LockBit May Attacks
LockBit 3.0, a cybercriminal group, resurfaced in May 2024 following the disruption of its infrastructure in February during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach were evident in the diverse sectors and countries affected by its ransomware attacks. LockBit's resurgence highlights the need for enhanced international cooperation and proactive cybersecurity measures to combat such persistent threats effectively.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.