LockBit Ransomware Hits John L. Lowery & Associates: Key Insights
Incident Date:
August 11, 2024
Overview
Title
LockBit Ransomware Hits John L. Lowery & Associates: Key Insights
Victim
John L. Lowery & Associates, Inc.
Attacker
Lockbit3
Location
First Reported
August 11, 2024
LockBit Ransomware Attack on John L. Lowery & Associates, Inc.: A Detailed Analysis
John L. Lowery & Associates, Inc., a well-established engineering and technical services firm in the petrochemical industry, recently fell victim to a ransomware attack orchestrated by the notorious cybercriminal group, LockBit. This incident has raised significant concerns about the vulnerabilities and cybersecurity measures within the energy, utilities, and waste sectors.
Company Profile
Founded in 1964, John L. Lowery & Associates, Inc. is headquartered in Baton Rouge, Louisiana. The company employs between 51-200 professionals, including inspectors, engineers, designers, drafters, and analyzer technicians. They provide comprehensive engineering and technical services, primarily for the petrochemical industry, and have expanded their operations both nationally and internationally. The firm is known for its flexible staffing solutions, quality assurance, and commitment to safety and employee welfare.
Attack Overview
The ransomware attack on John L. Lowery & Associates, Inc. was claimed by LockBit via their dark web leak site. The attack compromised the company's data and systems, potentially leading to significant operational disruptions and data breaches. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The exact ransom demand and the extent of the data breach have not been disclosed.
About LockBit
LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It is responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The group is known for exploiting vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. LockBit's modular design and use of encrypted payloads make it particularly challenging to detect and analyze.
Potential Vulnerabilities
John L. Lowery & Associates, Inc.'s extensive use of technical personnel and reliance on digital systems for quality assurance, project management, and staffing solutions may have made them an attractive target for LockBit. The company's international operations and diverse client base further increase the potential impact of such an attack. The use of RDP services and network shares, if not adequately secured, could have provided an entry point for the ransomware.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.