LockBit Ransomware Hits NOAB in Major Cyber Attack and Data Breach
Incident Date:
July 8, 2024
Overview
Title
LockBit Ransomware Hits NOAB in Major Cyber Attack and Data Breach
Victim
NOAB NL
Attacker
Lockbit3
Location
First Reported
July 8, 2024
LockBit Ransomware Group Targets NOAB NL in Major Cyber Attack
Overview of the Attack
The ransomware group LockBit 3.0 has claimed responsibility for a significant cyber attack on NOAB NL, a prominent Dutch organization representing over 1,100 accounting and tax advisory firms. The attackers have allegedly exfiltrated 1 terabyte of sensitive data from NOAB NL and its associated companies, including Kontinu Consultancy, DENI Wheelstyling, and Profi-Sec Group. The ransom deadline has been set for July 20, 2024.
About NOAB NL
NOAB NL, or the Nederlandse Orde van Administrateurs en Belastingadviseurs, is a key organization in the Netherlands that supports accounting and tax advisory firms, primarily small and medium-sized enterprises (SMEs). The organization focuses on advocacy, educational programs, knowledge sharing, resource access, insurance, and community engagement. NOAB NL is known for its role in setting industry standards and providing guidance to its members.
Vulnerabilities and Targeting
NOAB NL's extensive network and repository of sensitive financial data make it an attractive target for ransomware groups like LockBit. The organization's reliance on digital platforms for educational programs, resource sharing, and member communication could have presented vulnerabilities that were exploited by the attackers. The breach underscores the importance of robust cybersecurity measures in protecting sensitive information.
About LockBit Ransomware Group
LockBit is a sophisticated ransomware-as-a-service (RaaS) group active since September 2019. It employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. LockBit uses advanced encryption algorithms and exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across networks. The group is known for its modular ransomware, which encrypts its payload until execution to hinder detection.
Penetration Methods
LockBit likely penetrated NOAB NL's systems through vulnerabilities in RDP services or unsecured network shares. The ransomware's ability to spread laterally via group policy or admin shares, combined with its use of command-line parameters to modify behavior, makes it a formidable threat. The attack on NOAB NL highlights the need for continuous monitoring and updating of cybersecurity protocols to defend against such sophisticated threats.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.