LockBit Ransomware Hits Piedmont Hoist & Crane: Major Cyber Attack on Manufacturing Sector
Incident Date: July 19, 2024
Overview
Victim: Piedmont Hoist & Crane
Attacker: Lockbit3
Location
First Reported: July 19, 2024
LockBit Ransomware Group Targets Piedmont Hoist & Crane in Devastating Cyber Attack
Overview of Piedmont Hoist & Crane
Piedmont Hoist & Crane, based in Colfax, North Carolina, is a specialized manufacturer and service provider in the overhead lifting equipment sector. Established in 1993, the company has grown from a small service firm to a prominent player in the industry, employing over 30 individuals and serving more than 400 customers across four states. The company is known for its comprehensive range of products, including overhead cranes, crane components, and custom-engineered solutions. Their adherence to the Crane Manufacturers Association of America (CMAA) specifications ensures high standards of safety and performance.
Details of the Ransomware Attack
The ransomware group LockBit, also known as LockBit Black, has claimed responsibility for a cyber attack on Piedmont Hoist & Crane. The attack was announced on LockBit's dark web leak site, indicating that the company's critical infrastructure has been compromised. This incident has the potential to disrupt various aspects of Piedmont Hoist & Crane's operations, including system design, structural analysis, layout integration, and servicing and repair services. The attack underscores the increasing vulnerability of the manufacturing sector to ransomware threats.
About LockBit Ransomware Group
LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become one of the most active ransomware groups, responsible for a significant portion of ransomware attacks in recent years. LockBit employs a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and uses "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars.
Potential Vulnerabilities and Attack Penetration
LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. It performs a check to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. The ransomware also accepts various command-line parameters to modify its behavior, such as spreading laterally via group policy or admin shares and rebooting into Safe Mode.
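One way a defender might correlate the behaviours this paragraph lists (admin-share spread, Safe Mode reboot, wallpaper change, group-policy use) on a single host, as an added example that is not from the original page or from any vendor. The event format, host names and patterns are assumptions: they match generic Windows artifacts for these behaviours, not LockBit-specific indicators, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Generic Windows artifacts for the behaviours named above (assumed patterns,
# not LockBit-specific indicators; tune them to your own telemetry).
RULES = {
    "safe_mode_boot": re.compile(r"bcdedit(\.exe)?\s.*safeboot", re.I),
    "wallpaper_change": re.compile(r"Control Panel\\Desktop\\Wallpaper", re.I),
    "admin_share_write": re.compile(r"\\\\[^\\]+\\(ADMIN|C)\$\\.+\.exe", re.I),
    "gpo_refresh": re.compile(r"gpupdate(\.exe)?\s.*/force", re.I),
}

# Constructed sample events: (ISO timestamp, host, event detail).
SAMPLE_EVENTS = [
    ("2024-07-19T02:10:05", "ws-01", r"proc: cmd.exe /c copy svc.exe \\ws-02\ADMIN$\Temp\svc.exe"),
    ("2024-07-19T02:12:40", "ws-01", r"proc: bcdedit /set {default} safeboot network"),
    ("2024-07-19T02:14:02", "ws-01", r"reg: HKCU\Control Panel\Desktop\Wallpaper = C:\ProgramData\a.bmp"),
    ("2024-07-19T09:00:00", "ws-03", r"proc: gpupdate /force"),  # routine admin action
    ("2024-07-19T08:00:00", "ws-04", r"reg: HKCU\Control Panel\Desktop\Wallpaper = C:\Users\b\p.jpg"),
    ("2024-07-19T16:00:00", "ws-04", r"proc: bcdedit /set {current} safeboot minimal"),
]

def correlate(events, window=timedelta(minutes=30), threshold=2):
    """Return {host: behaviours} for hosts that show at least `threshold`
    distinct behaviours inside one time window. A single behaviour alone
    (for example a lone gpupdate) is common in normal administration."""
    hits = defaultdict(list)  # host -> [(time, behaviour)]
    for ts, host, detail in events:
        for name, pattern in RULES.items():
            if pattern.search(detail):
                hits[host].append((datetime.fromisoformat(ts), name))
    alerts = {}
    for host, seen in hits.items():
        seen.sort()
        for start, _ in seen:
            in_window = {b for t, b in seen if start <= t <= start + window}
            if len(in_window) >= threshold:
                alerts[host] = sorted(in_window)
                break
    return alerts

if __name__ == "__main__":
    for host, behaviours in correlate(SAMPLE_EVENTS).items():
        print(host, behaviours)
```
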
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.