LockBit 3.0 Ransomware Attack on Slovak National Library

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Slovak National Library

Victim

Slovak National Library

Attacker

Lockbit3

Location

Martin, Slovakia

, Slovakia

First Reported

May 9, 2024

Ransomware Attack on Slovak National Library by LockBit 3.0

Victim Profile

The Slovak National Library (Slovenská národná knižnica) is the national library of Slovakia. Operating within the Education sector, this modern institution caters to all citizens of Slovakia and visitors from overseas. Renowned for its collection of indigenous and foreign Slovakicist documents, the library safeguards publications from Slovakia, offers services to students, educators, researchers, and specialists, runs specialized facilities, and executes national initiatives like the Digital Library and Digital Archive. This institution employs between 201 and 500 individuals and is headquartered in Martin, Žilinský kraj, Slovakia.

Attack Overview

The ransomware attack on Sripatum University involved the exfiltration of sensitive data, including accounting records, student information, financial data, and personally identifiable information (PII). The attackers utilized ransomware techniques to compromise the university's systems, leading to the leakage of a sample of the exfiltrated data online.

Vulnerabilities

While the Slovak National Library is recognized for its commitment to providing access to knowledge resources through its extensive collection of over 5 million volumes and its role in preserving Slovakia's cultural heritage, its digital archives and online presence make it an attractive target for threat actors looking to exploit system vulnerabilities.

Ransomware Group Profile

Standing out as a highly sophisticated ransomware variant, LockBit 3.0, also known as LockBit Black, encrypts files, alters filenames, changes desktop backgrounds, and delivers ransom demands. The group's capacity to move laterally within networks and conceal its activities makes it a significant threat. By offering Ransomware-as-a-Service, LockBit enables other cybercriminals to employ its malware for attacks, broadening its scope and impact.

Lockbit 3.0 May 2024 Attacks

The ransomware attack on the Slovak National Library is part of LockBit 3.0's May 2024 offensive. Despite law enforcement actions during "Operation Cronos," LockBit quickly resumed its operations, targeting numerous victims across various sectors and countries. The group's adaptability and global reach highlight the difficulties in effectively combating cybercrime.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.