LockBit Ransomware Hits Goldstar Metal: Major Cyber Attack Exposes Data Vulnerabilities

Incident Date:

July 19, 2024

World map

Overview

Title

LockBit Ransomware Hits Goldstar Metal: Major Cyber Attack Exposes Data Vulnerabilities

Victim

Goldstar Metal

Attacker

Lockbit3

Location

Samutsakorn, Thailand

, Thailand

First Reported

July 19, 2024

LockBit Ransomware Group Targets Goldstar Metal in Devastating Cyber Attack

Overview of Goldstar Metal

Goldstar Metal is a prominent manufacturer and distributor of extruded aluminium products based in Thailand. The company is renowned for its high-quality aluminium extrusion profiles, produced using state-of-the-art equipment and a variety of extrusion presses. Goldstar Metal adheres to international safety and quality control standards, including the JIS H4001:2015 Japanese standard, ISO 9001:2015 accreditation, and the Thai TIS 284-1987 certification. The company also offers post-production surface finishing options such as anodising and powder coating, which enhance the durability and aesthetic appeal of their products.

Details of the Ransomware Attack

On July 19, 2024, Goldstar Metal fell victim to a ransomware attack orchestrated by the notorious LockBit group. The attack was publicly claimed on LockBit's dark web leak site. While the exact size of the data leak remains unknown, the incident has raised significant concerns about the security of Goldstar Metal's sensitive information and operational integrity. The company is currently assessing the full impact of the breach and working to mitigate any potential damage.

About LockBit Ransomware Group

LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. The group is responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and uses "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars.

Potential Vulnerabilities and Attack Vectors

LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware also performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. Goldstar Metal's reliance on advanced manufacturing technologies and extensive digital infrastructure may have made it an attractive target for the ransomware group.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.