LockBit Ransomware Strikes Kentucky's Crisis Center

Incident Date:

July 2, 2024

World map

Overview

Title

LockBit Ransomware Strikes Kentucky's Crisis Center

Victim

Merryman House Domestic Crisis Center

Attacker

Lockbit3

Location

Paducah, USA

Kentucky, USA

First Reported

July 2, 2024

Analysis of the LockBit Ransomware Attack on Merryman House Domestic Crisis Center

Overview of Merryman House Domestic Crisis Center

Merryman House Domestic Crisis Center, a pivotal institution in Kentucky, is dedicated to providing comprehensive support to victims of domestic violence. As a non-profit organization, it serves a crucial role in the community by offering emergency shelter, counseling, legal advocacy, and economic empowerment programs. The center operates a 36-bed facility and extends its services across multiple counties, making it a significant player in the healthcare services sector focused on domestic crisis management.

Details of the Ransomware Attack

On July 3, 2024, Merryman House became a target of the ransomware group LockBit. The specifics of the data compromised during this incident have not been fully disclosed, but the attack was publicized through LockBit3's dark web leak site, indicating a serious security breach. The attack on such a sensitive and critical institution underscores the vulnerability of non-profit organizations that handle substantial personal and sensitive data.

Profile of LockBit Ransomware Group

LockBit, known for its aggressive and sophisticated ransomware campaigns, has been notably active since its emergence in 2019. This group operates on a ransomware-as-a-service model, making it particularly prolific and dangerous. LockBit is distinguished by its use of advanced encryption methods and its strategy of double extortion, where they not only encrypt the victim's data but also threaten to release it publicly if their ransom demands are not met. Their targeting mechanisms often exploit vulnerabilities such as those found in Remote Desktop Protocol (RDP) services and unsecured network shares.

Potential Vulnerabilities and Entry Points

The specific vector used by LockBit to infiltrate Merryman House's network has not been publicly disclosed. However, common entry points for such attacks include phishing, exploitation of unpatched software vulnerabilities, and compromised credentials. Given the extensive services and sensitive nature of the data handled by Merryman House, it is plausible that multiple entry points could have been exploited. The organization's significant reliance on digital records for client management and support could have made it an attractive target for LockBit, aiming to leverage the critical nature of the data for a higher likelihood of ransom payment.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.