lockbit2 attacks Beauty product group

Incident Date:

February 15, 2022

World map



lockbit2 attacks Beauty product group


Beauty product group




Salt Lake, USA

Utah, USA

First Reported

February 15, 2022

Beauty Industry Group (BIG) Targeted by Lockbit2 Ransomware Group

The Beauty Industry Group (BIG), a multi-brand, multi-channel platform offering both professional and do-it-yourself hair extension products, has been targeted by the Lockbit2 ransomware group. The company, founded in 2004 and headquartered in Salt Lake City, Utah, employs over 500 people worldwide and serves customers globally.

BIG curates a portfolio of more than a dozen independent brands catering to both professional and direct-to-consumer beauty markets across the globe. The company is known for its commitment to continuous innovation and corporate responsibility, with a focus on kindness and ethical conduct.

The Lockbit2 ransomware group claimed the attack on BIG's website, which is http://www.beautyindustrygroup.com/. The attack has not been confirmed by the company, and no further details about the nature of the attack or the extent of the damage have been disclosed.

Vulnerabilities and Mitigation

The beauty industry has been a target for cybercriminals in recent years, with ransomware attacks on companies like Estée Lauder and other cosmetics giants. To mitigate the risks of ransomware attacks, companies should focus on improving their cybersecurity posture, including:

  • Regularly updating software and systems to patch known vulnerabilities.
  • Implementing multi-factor authentication to secure access to sensitive data.
  • Conducting regular security audits and penetration testing to identify potential weaknesses.
  • Educating employees about the risks of phishing and other social engineering attacks.
  • Backing up critical data and maintaining offsite backups to minimize the impact of data loss.

By addressing these vulnerabilities and implementing robust cybersecurity measures, companies can reduce their risk of falling victim to ransomware attacks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.