LockBit Ransomware Targets Marvell Technology, Threatens Data Leak

Incident Date:

June 23, 2024

World map

Overview

Title

LockBit Ransomware Targets Marvell Technology, Threatens Data Leak

Victim

Marvell Technology, Inc.

Attacker

Lockbit

Location

Minneapolis, USA

Minnesota, USA

First Reported

June 23, 2024

Analysis of LockBit Ransomware Attack on Marvell Technology

Company Profile: Marvell Technology, Inc.

Marvell Technology, Inc., a prominent player in the semiconductor industry, specializes in developing advanced data infrastructure technologies. With a workforce of over 6,500 and more than 10,000 patents, Marvell reported a revenue of $5.5 billion for the fiscal year 2024. The company's expertise spans across data processing, networking, storage, and security, making it integral to the infrastructure of modern data economies and technological advancements in areas like 5G and AI.

Details of the Ransomware Attack

The LockBit3 ransomware group, known for its aggressive extortion tactics, has recently targeted Marvell Technology through an initial compromise of Allied Telesis' network. LockBit3 claims to have exfiltrated over 500 gigabytes of data from Allied Telesis, which includes sensitive data from Marvell. Despite a ransom demand of approximately US$2.9 million, Marvell has opted not to negotiate, prompting LockBit3 to threaten the release of 200GB of Marvell's project data.

Ransomware Group Profile: LockBit3

LockBit3 distinguishes itself through sophisticated attack vectors, including the exploitation of network vulnerabilities and the use of double extortion tactics. This group has been active since 2023 and has been involved in high-profile attacks on various sectors, emphasizing their capability to infiltrate and disrupt significant corporate networks.

Vulnerabilities and Industry Impact

Marvell's significant reliance on digital technologies and its vast network across various sectors increases its vulnerability to cyber-attacks. The semiconductor industry, with its complex supply chains and extensive data exchanges, presents numerous attack vectors for groups like LockBit3. This incident highlights the critical need for enhanced cybersecurity measures within the industry, especially for firms involved in high-stakes technology and infrastructure.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.