lockbit2 attacks Girlguiding Laser

Incident Date:

January 27, 2022

World map

Overview

Title

lockbit2 attacks Girlguiding Laser

Victim

Girlguiding Laser

Attacker

Lockbit2

Location

Jaggard Way, United Kingdom

London, United Kingdom

First Reported

January 27, 2022

LockBit2 Ransomware Attack on Girlguiding LaSER

Girlguiding LaSER, a charity organization based in London and the South East of England, has suffered a ransomware attack by the LockBit2 group. The attack was confirmed on their website, which states that they became aware of the incident last week and have since disconnected their server from their computers. The organization, which consists of 11,200 volunteers and 2,990 local groups, operates in the Organizations sector and has been targeted by the LockBit2 ransomware gang, which is known for its spree of attacks on various entities in Europe.

Victim Profile

Girlguiding LaSER is a part of Girlguiding, a larger organization with 10 countries and regions, and functions as its own charity. The organization covers Greater London, Surrey, Sussex, Kent, and part of Essex, and holds information to help with the running of the region. They have 44,000+ girls from 4-18 who come together to laugh, learn, explore, and have adventures.

Vulnerabilities and Impact

The attack on Girlguiding LaSER highlights the vulnerabilities of organizations in the non-profit sector, which may not always have the same level of resources or expertise in cybersecurity as larger corporations. The ransomware attack could potentially have accessed personal data shared with the organization, including contact details, dates of birth, and bank account numbers. The organization has advised members to remain vigilant for suspicious communications and to protect themselves from fraud and identity theft.

Response and Mitigation

Girlguiding LaSER has informed the Information Commissioner’s Office (ICO) and the Metropolitan Police Cybercrime unit, and is investigating the incident with external IT Forensics consultants. They have disconnected their server from their computers and are providing updates to members as new information becomes available.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.