LockBit 3.0 Ransomware Attack on UNITER

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on UNITER

Victim

UNITER

Attacker

Lockbit3

Location

Carral, Spain

, Spain

First Reported

May 9, 2024

Ransomware Attack on UNITER by LockBit 3.0

Victim Profile

UNITER, a company specializing in textile labeling, offers innovative and sustainable solutions for product identification. With over 20 years of experience, they work with leading fashion brands globally, serving more than a thousand clients in over forty-five countries. Their focus on custom labels using various colors, qualities, finishes, and recycled materials sets them apart in the industry.

Ransomware Group Profile

The LockBit 3.0 ransomware group, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from its predecessors, LockBit and LockBit 2.0. This group is known for its advanced capabilities, including file encryption, desktop modifications, and lateral movement through networks. LockBit 3.0 is considered highly evasive and modular, making it challenging to detect and defend against.

Ransomware Attack Details

A cybercrime attack using LockBit 3.0 ransomware targeted UNITER's website in Spain, resulting in the exfiltration of 60 GB of sensitive data, including financial records and invoices. While the ransom demand remains unspecified, the attackers leaked a sample of the exfiltrated data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.