LockBit 3.0 Ransomware Attack on UF Resources Corporation

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on UF Resources Corporation

Victim

UF Resources Corporation

Attacker

Lockbit3

Location

University Park, USA

Florida, USA

First Reported

May 9, 2024

Ransomware Attack on UF Resources Corporation by LockBit 3.0

Victim Company Profile

UF Resources Corporation is an insurance and financial services holding company founded in 2008 and headquartered in University Park, Florida. The company provides a broad spectrum of services to its subsidiaries and partners, including finance, accounting, human resources, information technology, sales, marketing, and other related core infrastructure. UF Resources has a team of 24 employees and generated $5.7 million in revenue in 2023. The company's mission is to help its customers achieve their desired retirement lifestyle and provide them with peace of mind when working with UF Resources.

LockBit 3.0 Ransomware Group

The LockBit 3.0 ransomware group is an evolution of the LockBit group, operating as a Ransomware-as-a-Service (RaaS) group. LockBit 3.0, also known as LockBit Black, is considered one of the most dangerous and disruptive ransomware threats currently active. It encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. The ransomware is heavily obfuscated and protected against analysis, making it difficult for security researchers to study. LockBit 3.0 has features like lateral movement through a network via group policy updates and covering its tracks by deleting traces of itself.

Ransomware Attack Details

In this cyber incident, the victim website fell victim to a ransomware attack orchestrated by LockBit 3.0. Ransomware is a type of malicious software designed to block access to a computer system or files until a sum of money is paid. LockBit 3.0 employed this technique to encrypt the victim's data and demand payment for its release. The attack likely caused significant disruption and financial loss to the victim organization.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group, resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos." LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. LockBit's recent activities targeted diverse industries globally, showcasing its global reach and adaptability.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.