LockBit 3.0 Ransomware Attack on Sonoco Products Company
Incident Date: May 7, 2024
Overview
Title: LockBit 3.0 Ransomware Attack on Sonoco Products Company
Victim: Sonoco Products Company
Attacker: Lockbit3
Location:
First Reported: May 7, 2024
Ransomware Attack on Sonoco Products Company by LockBit 3.0
Victim Company Profile
Sonoco Products Company is a global packaging solutions provider that has been operating since 1899, with a presence in more than 85 nations and 330 global plants. The company emphasizes sustainability and eco-friendly solutions, aiming to address various needs from delivering convenient snacks to reducing food waste and preserving the planet.
The company offers packaging solutions for a wide range of markets, including protective packaging for goods like refrigerators and electronics. It has made significant strides in enhancing its packaging, such as introducing fully recyclable solutions like the EnviroCan® and GreenCan®.
Company Vulnerabilities
Sonoco Products Company, being a global leader in packaging solutions, stands out in the industry due to its commitment to sustainability and innovative packaging solutions. Its extensive operations in over 85 countries and 330 global plants make it a prime target for threat actors like LockBit 3.0. The company's wide range of packaging solutions and services, catering to various markets, provides ample opportunities for cybercriminals to exploit vulnerabilities in their systems and launch ransomware attacks.
Ransomware Group Distinction
LockBit 3.0, also known as LockBit Black, is an advanced variant of the LockBit ransomware. It encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. The ransomware is heavily obfuscated and protected against analysis, making it difficult for security researchers to study.
LockBit May Attacks
This incident is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.