LockBit 3.0 Ransomware Attack on Sonoco Products Company

Incident Date:

May 7, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Sonoco Products Company

Victim

Sonoco Products Company

Attacker

Lockbit3

Location

Sumner, USA

Washington, USA

First Reported

May 7, 2024

Ransomware Attack on Sonoco Products Company by LockBit 3.0

Victim Company Profile

Sonoco Products Company is a global packaging solutions provider that has been operating since 1899, with a presence in more than 85 nations and 330 global plants. The company emphasizes sustainability and eco-friendly solutions, aiming to address various needs from delivering convenient snacks to reducing food waste and preserving the planet.

They offer packaging solutions for a wide range of markets, including protective packaging for goods like refrigerators and electronics. The company has made significant strides in enhancing its packaging solutions, such as introducing fully recyclable packaging solutions like the EnviroCan® and GreenCan®.

Company Vulnerabilities

Sonoco Products Company, being a global leader in packaging solutions, stands out in the industry due to its commitment to sustainability and innovative packaging solutions. Its extensive operations in over 85 countries and 330 global plants make it a prime target for threat actors like LockBit 3.0. The company's wide range of packaging solutions and services, catering to various markets, provides ample opportunities for cybercriminals to exploit vulnerabilities in their systems and launch ransomware attacks.

Ransomware Group Distinction

LockBit 3.0, also known as LockBit Black, distinguishes itself by being an advanced variant of the LockBit ransomware group. It encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. The ransomware is heavily obfuscated and protected against analysis, making it difficult for security researchers to study.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group, resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.