LockBit Ransomware Attack on iteam Technology Solutions S.A.: Details and Impact
Incident Date:
July 19, 2024
Overview
Title
LockBit Ransomware Attack on iteam Technology Solutions S.A.: Details and Impact
Victim
iteam Technology Solutions S.A.
Attacker
Lockbit3
Location
First Reported
July 19, 2024
LockBit Ransomware Attack on iteam Technology Solutions S.A.
Overview of iteam Technology Solutions S.A.
Established in 1999, iteam Technology Solutions S.A. is a prominent technology solutions provider based in Athens, Greece. The company specializes in delivering a range of IT services and products to large and medium-sized enterprises. Their core services include custom software development, software testing, infrastructure management, business intelligence, and artificial intelligence. Notably, iteam has developed proprietary products such as a Business Process Management System and a Regulatory Compliance Management System. The company is recognized as a Gold Microsoft Certified Partner and collaborates with major industry players like Aegean Airlines through their aviBright unit.
Details of the Ransomware Attack
iteam Technology Solutions S.A. recently fell victim to a ransomware attack orchestrated by the notorious LockBit group. The attack led to significant operational disruptions and potentially jeopardized sensitive client data and internal information. LockBit, known for its sophisticated encryption techniques and high ransom demands, targeted the organization, which employs between 51 and 200 staff members. The attack underscores the growing threat of ransomware within the IT services sector.
About LockBit Ransomware Group
LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in recent years. LockBit employs a combination of RSA-2048 and AES-256 encryption algorithms and uses "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across networks.
Potential Vulnerabilities and Penetration Methods
LockBit likely penetrated iteam Technology Solutions S.A.'s systems by exploiting vulnerabilities in RDP services or unsecured network shares. The ransomware's modular design and encryption techniques make it difficult to detect and analyze. Additionally, LockBit performs checks to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region, indicating a targeted approach. The attack highlights the importance of robust cybersecurity measures, especially for companies in the IT services sector.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.