LockBit Ransomware Strikes Indonesia's Top Tinplate Maker

Incident Date:

July 1, 2024

World map

Overview

Title

LockBit Ransomware Strikes Indonesia's Top Tinplate Maker

Victim

Pelat Timah Nusantara (Latinusa), Tbk

Attacker

Lockbit3

Location

Cilegon, Indonesia

, Indonesia

First Reported

July 1, 2024

Analysis of the LockBit Ransomware Attack on Pelat Timah Nusantara (Latinusa), Tbk

Company Profile: Pelat Timah Nusantara (Latinusa), Tbk

Pelat Timah Nusantara, commonly known as Latinusa, is Indonesia's premier tinplate manufacturer, established in 1982. The company specializes in producing high-quality tinplate primarily used for packaging in the food and beverage industry. Latinusa stands out in the Southeast Asian market not only due to its strategic location in tin-rich Indonesia but also because of its commitment to sustainability and continuous innovation in packaging solutions. The company is majority-owned by a Japanese consortium, which includes industry giants such as Nippon Steel Corporation and Mitsui Co. Ltd., underscoring its international standards of operation.

Details of the Ransomware Attack

Latinusa fell victim to a ransomware attack orchestrated by the notorious LockBit group, as confirmed by the group's claim on their dark web leak site. This incident highlights significant vulnerabilities, particularly in the cybersecurity measures employed by manufacturing entities deeply integrated with global supply chains. The exact penetration methods remain under investigation, however, LockBit's known tactics include exploiting Remote Desktop Protocol (RDP) vulnerabilities and leveraging phishing attacks to gain initial access.

Profile of the LockBit Ransomware Group

LockBit, a highly sophisticated ransomware-as-a-service (RaaS) operation, has been active since 2019 and is notorious for its aggressive extortion tactics. The group specializes in double extortion, where they encrypt the victim's data and threaten to release it unless a ransom is paid. LockBit uses advanced encryption methods and has a unique capability to avoid detection by not executing in regions associated with the Commonwealth of Independent States (CIS). This strategic operational choice minimizes local scrutiny and potential legal repercussions in those areas.

Potential Entry Points and System Vulnerabilities

Given LockBit's modus operandi, it is plausible that Latinusa's systems were compromised through insufficiently secured network points or through social engineering tactics that tricked employees into granting access. Manufacturing firms like Latinusa are particularly vulnerable due to their extensive reliance on automated systems and interconnected networks that, if not adequately protected, provide multiple entry points for cybercriminals.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.