LockBit 3.0 Ransomware Attack on Virgin Islands Emergency Management Agency

Incident Date:

May 9, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Attack on Virgin Islands Emergency Management Agency

Victim

Virgin Islands Emergency Management Agency (VITEMA)

Attacker

Lockbit3

Location

St. Thomas, USA

Virgin Islands, USA

First Reported

May 9, 2024

Ransomware Attack on Virgin Islands Emergency Management Agency by LockBit 3.0

Victim Profile

The Virgin Islands Territorial Emergency Management Agency (VITEMA) is the emergency management agency of the U.S. Virgin Islands. It is responsible for coordinating disaster response and recovery efforts in the territory. VITEMA's operations are guided by the National Incident Management System (NIMS), which standardizes resource management procedures for optimum coordination among different islands, departments, and agencies of the V.I. Government and the private sector.

Company Size and Industry Standing

The agency stands out in the industry for its commitment to quality emergency response services and homeland security. VITEMA is the sole government agency designated to supervise, administer, and coordinate all-hazards response and recovery operations in the U.S. Virgin Islands.

Attack Penetration

The ransomware attack on VITEMA by LockBit 3.0 involved the compromise of the agency's website and the exfiltration of approximately 14 GB of sensitive data. Despite the absence of a ransom demand, the exfiltrated data poses significant risks to VITEMA's operations and the privacy of individuals involved. The agency's critical role in disaster response and recovery operations makes it an attractive target for cybercriminals seeking to disrupt essential services and compromise sensitive information.

Ransomware Group Distinction

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. The group distinguishes itself by adopting an affiliate-based ransomware approach and introducing new features and capabilities in its latest variant. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active, targeting a wide range of organizations globally.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.