LockBit 3.0 Ransomware Strikes Kraš Hrvatska

Incident Date:

May 7, 2024

World map

Overview

Title

LockBit 3.0 Ransomware Strikes Kraš Hrvatska

Victim

Kraš Hrvatska

Attacker

Lockbit3

Location

Zagreb, Croatia

, Croatia

First Reported

May 7, 2024

Ransomware Attack on Kraš Hrvatska by LockBit 3.0

Victim Company Profile

The victim of the ransomware attack, Kraš Food Industry Plc, is a Croatian company specializing in confectionery products. With 262 employees and an annual revenue of $560 million, Kraš is a prominent player in the food processing industry. The company stands out for its long-standing reputation for producing high-quality sweets, cookies, and chocolate products, and it exports its offerings to various international markets.

Kraš's vulnerabilities in being targeted by threat actors lie in its extensive network of operations and its global reach. As a well-known brand in the confectionery sector, the company's valuable intellectual property and customer data make it an attractive target for cybercriminals seeking financial gain through ransomware attacks.

LockBit 3.0 Ransomware Group

The LockBit 3.0 ransomware group, also known as LockBit Black, distinguishes itself by its advanced capabilities and evasive techniques. This ransomware variant encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes, making it challenging for security researchers to analyze.

The ransomware group could have penetrated Kraš's systems through phishing emails, exploiting unpatched software vulnerabilities, or gaining unauthorized access to the company's network. LockBit 3.0's affiliate-based approach allows cybercriminals to leverage its ransomware tools, increasing the likelihood of successful attacks on organizations like Kraš.

LockBit May Attacks

LockBit 3.0's resurgence in the May 2024 attacks following "Operation Cronos" highlights the group's adaptability and global impact. Despite law enforcement efforts to disrupt its infrastructure, LockBit swiftly resumed its malicious activities, targeting numerous victims across sectors and countries. The need for enhanced international cooperation and proactive cybersecurity measures is crucial to combat the persistent threat posed by LockBit and similar ransomware groups.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.