LockBit Ransomware Hits Piedmont Hoist & Crane: Major Cyber Attack on Manufacturing Sector

Incident Date: July 19, 2024

Overview

Victim: Piedmont Hoist & Crane

Attacker: Lockbit3

Location: Winston-Salem, USA; North Carolina, USA

First Reported: July 19, 2024

LockBit Ransomware Group Targets Piedmont Hoist & Crane in Devastating Cyber Attack

Overview of Piedmont Hoist & Crane

Piedmont Hoist & Crane, based in Colfax, North Carolina, is a specialized manufacturer and service provider in the overhead lifting equipment sector. Established in 1993, the company has grown from a small service firm to a prominent player in the industry, employing over 30 individuals and serving more than 400 customers across four states. The company is known for its comprehensive range of products, including overhead cranes, crane components, and custom-engineered solutions. Their adherence to the Crane Manufacturers Association of America (CMAA) specifications ensures high standards of safety and performance.

Details of the Ransomware Attack

The ransomware group LockBit, also known as LockBit Black, has claimed responsibility for a cyber attack on Piedmont Hoist & Crane. The attack was announced on LockBit's dark web leak site, indicating that the company's critical infrastructure has been compromised. This incident has the potential to disrupt various aspects of Piedmont Hoist & Crane's operations, including system design, structural analysis, layout integration, and servicing and repair. The attack underscores the increasing vulnerability of the manufacturing sector to ransomware threats.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become one of the most active ransomware groups, responsible for a significant portion of ransomware attacks in recent years. LockBit employs a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and uses "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group typically demands payment in Bitcoin, with demands ranging from several thousand to several hundred thousand dollars.

Potential Vulnerabilities and Attack Penetration

LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. It performs a check to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. The ransomware also accepts various command-line parameters that modify its behavior, such as spreading laterally via group policy or admin shares and rebooting into Safe Mode.
