lockbit2 attacks applya

Incident Date:

April 13, 2022

World map



lockbit2 attacks applya






Greenville, USA

South Carolina, USA

First Reported

April 13, 2022

Ransomware Attack on Applya: A Business Services Company Targeted by Lockbit2

On March 21, 2024, the ransomware group Lockbit2 claimed an attack on Applya, a company operating in the Business Services sector. The victim's website is https://applya.com/. While the exact size of the company is not publicly available, it is known that Applya provides services in the human resources and recruitment industry, making it a valuable target for cybercriminals seeking to exploit sensitive data.

Industry Standout and Vulnerabilities

Applya's website highlights its focus on providing a comprehensive suite of services, including background checks, drug screening, and compliance solutions. The company's mission is to help businesses make informed hiring decisions by providing accurate and reliable information. However, this focus on data-driven decision-making also makes Applya vulnerable to ransomware attacks, as the theft and exposure of sensitive information can lead to significant financial and reputational damage.

Ransomware Attack and Response

Lockbit2, a prolific ransomware group, has been known to target a wide range of industries, including healthcare, finance, and government organizations. The group typically uses a ransomware-as-a-service (RaaS) model, where affiliates receive a percentage of the ransom paid by the victim. In the case of Applya, the ransomware attack likely involved the encryption of sensitive data, followed by a demand for payment in exchange for the decryption key.

Mitigation Strategies

To mitigate the risks of ransomware attacks, companies should employ multifactor authentication, apply the least privilege principle, enable logical and physical network segmentation, deploy attack surface management, secure domain controllers, maintain offline and encrypted backups, and track security patches and software/OS updates. Additionally, organizations should stay informed about the latest threats and trends in the dark web, where ransomware groups often leak stolen data.

The ransomware attack on Applya serves as a reminder of the ongoing threat posed by cybercriminals to businesses in various sectors. By understanding the vulnerabilities and implementing appropriate security measures, companies can better protect themselves against these attacks and minimize the potential damage.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.