LockBit Ransomware Hits Federated Co-operatives: 10TB Data Stolen
Incident Date:
August 3, 2024
Overview
Title
LockBit Ransomware Hits Federated Co-operatives: 10TB Data Stolen
Victim
Federated Co-operatives Limited
Attacker
Lockbit3
Location
First Reported
August 3, 2024
LockBit Ransomware Attack on Federated Co-operatives Limited
Federated Co-operatives Limited (FCL), a prominent co-operative organization in Western Canada, has fallen victim to a ransomware attack orchestrated by the notorious LockBit group. The cybercriminals claim to have exfiltrated 10 terabytes of data and have threatened to release this information on August 23, 2023. This incident adds to the challenges FCL is already facing, following a significant cyberattack in late June.
About Federated Co-operatives Limited
FCL is a significant player in Western Canada's economic landscape, serving as a wholesaler to over 160 independent retail co-operatives owned by more than 2 million individual members. The organization operates across several key sectors, including energy, food, agriculture, and home and building supplies. FCL's extensive network and diverse business operations make it a vital contributor to the region's economy, with an estimated revenue between $5 to $10 billion USD.
FCL's commitment to sustainability and community involvement is evident through initiatives like reducing emissions, eliminating waste, and investing in local communities. The organization also supports community programs through the Co-op Community Spaces and the Community Investment Fund.
Attack Overview
The LockBit ransomware group has claimed responsibility for the attack on FCL, stating that they have exfiltrated 10 terabytes of data. The group has threatened to release this data publicly if their ransom demands are not met. The attack has left FCL grappling with the aftermath, and the company has yet to issue a public statement regarding the breach.
About LockBit Ransomware Group
LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Known for its modular ransomware, LockBit encrypts its payload until execution to hinder malware analysis and detection. The group employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. LockBit typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars.
LockBit exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware also performs a check to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region.
Potential Vulnerabilities
FCL's extensive operations and large network make it a prime target for ransomware attacks. The organization's reliance on digital infrastructure for its diverse business activities, including energy, food, and agriculture, increases its vulnerability to cyber threats. Additionally, the interconnected nature of its co-operative model, serving over 160 independent retail co-operatives, presents multiple entry points for threat actors.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.