LockBit Ransomware Hits Patel Brass Works: Full Analysis

Incident Date: July 31, 2024

Overview

Victim: Patel Brass Works

Attacker: Lockbit3

Location: Rajkot, India

First Reported: July 31, 2024

LockBit Ransomware Attack on Patel Brass Works: A Detailed Analysis

On August 5, 2024, Patel Brass Works Pvt. Ltd. (PBW), a renowned manufacturer of engineering components, discovered that it had fallen victim to a ransomware attack orchestrated by the LockBit group. The attack targeted the company's website, pbw-india.com, raising significant concerns about the potential impact on the company's operations and data security.

About Patel Brass Works

Established in 1948, Patel Brass Works Pvt. Ltd. (PBW) is a prominent manufacturer specializing in brass and bronze products. Founded by Late Shri R. C. Patel, the company has evolved from a small foundry in Rajkot, India, to a significant player in the engineering components sector. PBW is ISO 9001:2015 certified and offers a diverse array of products, including single metal and solid bronze bushes, washers, and various spare parts for the railway and marine sectors. The company serves both domestic and international markets, with a significant presence in North America, Latin America, Europe, the Middle East, and the Far East.

Attack Overview

The LockBit group claimed the attack on PBW via its dark web leak site. The exact size of the data leak remains unknown. The attack targeted the company's website, pbw-india.com, and potentially compromised sensitive data.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Its ransomware is modular, and the payload stays encrypted until execution to hinder malware analysis and detection. The group employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms and typically demands payment in Bitcoin. The group is known for exploiting vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network.

Potential Vulnerabilities

PBW's extensive use of advanced machining infrastructure and its significant online presence may have made it a target for threat actors like LockBit. The company's reliance on digital systems for manufacturing and quality assurance processes could have provided multiple entry points for the ransomware. Additionally, the company's international operations and supply chain complexities might have exposed it to various cybersecurity risks.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful both financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.