LockBit Ransomware Hits Five Star Products in Major Cyber Attack
Incident Date:
September 15, 2024
Overview
Title
LockBit Ransomware Hits Five Star Products in Major Cyber Attack
Victim
Five Star Products
Attacker
Lockbit3
Location
First Reported
September 15, 2024
LockBit Ransomware Group Targets Five Star Products in Devastating Cyber Attack
Five Star Products, a specialized manufacturer renowned for its high-performance construction materials, has become the latest victim of a ransomware attack orchestrated by the notorious LockBit group. The attack, which has been explicitly claimed by LockBit on their dark web leak site, has compromised the company's data and systems, highlighting the persistent threat posed by advanced ransomware groups.
About Five Star Products
Founded in 1955, Five Star Products, Inc. is a prominent manufacturer specializing in precision grouting, waterproofing, and concrete restoration solutions. The company operates under a strict quality control system adhering to the ISO 9001-2015 standard, ensuring high-quality outputs from its strategically located manufacturing facilities worldwide. Five Star Products serves a wide array of markets, including the petrochemical, power generation, industrial manufacturing, marine construction, and infrastructure development sectors. Their commitment to innovation is underscored by an extensive portfolio of over 100 patents worldwide.
Attack Overview
The ransomware attack on Five Star Products has likely resulted in the encryption of critical files, rendering them inaccessible. LockBit, known for its sophisticated encryption techniques and aggressive ransom demands, employs a combination of RSA-2048 and AES-256 encryption algorithms. The group uses "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The attack underscores the vulnerabilities that even well-established companies face in the ever-evolving landscape of cyber threats.
About LockBit Ransomware Group
LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit distinguishes itself through its modular ransomware, which encrypts its payload until execution to hinder malware analysis and detection. The group exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network.
Penetration and Impact
LockBit's ability to exploit vulnerabilities in RDP services and unsecured network shares likely facilitated the penetration of Five Star Products' systems. The ransomware performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region, indicating a strategic approach to targeting specific regions. The attack on Five Star Products highlights the critical need for advanced cybersecurity measures to protect against such sophisticated threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.