LockBit Ransomware Hits AER Worldwide, Threatens 300GB Data Leak

Incident Date:

August 17, 2024

World map

Overview

Title

LockBit Ransomware Hits AER Worldwide, Threatens 300GB Data Leak

Victim

AER Worldwide

Attacker

Lockbit3

Location

Fremont, USA

California, USA

First Reported

August 17, 2024

LockBit Ransomware Group Targets AER Worldwide in Major Cyber Attack

AER Worldwide, a prominent player in the IT asset management and e-cycling sector, has recently fallen victim to a ransomware attack orchestrated by the notorious LockBit group. The attack, which has been publicized on LockBit's dark web leak site, threatens to release 300GB of sensitive company data if the ransom demands are not met by August 27.

About AER Worldwide

Founded in 1996 and headquartered in Livermore, California, AER Worldwide specializes in IT asset management, reverse logistics, and e-cycling services. The company operates several ISO-certified facilities globally, particularly in the United States, and is committed to environmentally responsible practices throughout the lifecycle of IT products. AER Worldwide's core offerings include IT asset disposition (ITAD), secure destruction of sensitive data, and e-cycling. The company emphasizes environmental stewardship and data security, adhering to regulations and certifications such as R2 and RIOS.

What Makes AER Worldwide Stand Out

AER Worldwide is recognized for its eco-friendly solutions and services throughout the entire IT product lifecycle. The company focuses on transforming underused IT equipment back into the electronics supply chain, contributing to both economic and environmental sustainability. Despite being a small company with 68 U.S.-based employees, AER Worldwide has a global presence with six ISO-14001 certified recycling facilities and a network of prequalified recycling partners. The company's commitment to sustainability and data security makes it a leader in its industry.

Details of the Ransomware Attack

The LockBit ransomware group has claimed responsibility for the attack on AER Worldwide, threatening to release 300GB of the company's data. The attackers have already shared sample screenshots on their dark web portal to substantiate their claims. The attack highlights the vulnerabilities that even well-established companies like AER Worldwide face in the ever-evolving landscape of cyber threats.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Known for its modular ransomware that encrypts its payload until execution, LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group uses a combination of RSA-2048 and AES-256 encryption algorithms and typically demands payment in Bitcoin. LockBit exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network.

Potential Penetration Methods

LockBit could have penetrated AER Worldwide's systems through various means, including exploiting vulnerabilities in RDP services or unsecured network shares. The ransomware is designed to spread quickly across a network, making it a formidable threat. The attack underscores the importance of robust cybersecurity measures, even for companies with strong commitments to data security and environmental stewardship.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.