lockbit2 attacks Latam

Incident Date:

February 28, 2022

World map



lockbit2 attacks Latam






Vancouver, USA

Washington, USA

First Reported

February 28, 2022

Ransomware Attack on CCLI: A Vulnerability in the Media & Internet Sector

Company Size and Industry Standout

CCLI stands as a significant entity within the Media & Internet sector, providing over 230,000 churches, schools, and organizations with licensing solutions and legal content. For 35 years, CCLI has been dedicated to resourcing the church, empowering worship teams, and facilitating moments of true encounters with Jesus through affordable, legal content.

Vulnerabilities and Targeting

The recent attack on CCLI by the ransomware group Lockbit2 underscores the inherent vulnerabilities faced by companies operating within the Media & Internet sector. These organizations are particularly susceptible to cyber threats due to their heavy reliance on digital infrastructure and the sensitive nature of their data. In this instance, Lockbit2 exploited compromised valid credentials, likely sourced from a successful infostealer infection, to infiltrate CCLI's systems.

This incident is reflective of a larger pattern of ransomware attacks targeting entities in Latin America, including government organizations. Despite efforts to bolster national cybersecurity defenses, significant vulnerabilities remain, leaving the region at heightened risk of such cyber threats.

The ransomware attack on CCLI serves as a critical reminder of the need for robust cybersecurity measures within the Media & Internet sector, especially for organizations operating in Latin America. As the digital landscape evolves, maintaining vigilance and investing in comprehensive IT security education, training, and infrastructure is essential to safeguard against emerging cyber threats.


  • The Surge in Cyber Attacks on Latin American Governments - SOCRadar. Available at SOCRadar
  • Ransomware Attack Hits Claro across Latin America | Commsrisk. Available at Commsrisk
  • Latin American Governments Targeted By Ransomware. Available at Infosecurity Magazine
  • Colombia Reports Cyberattack With Impact Across Latin America. Available at Reuters

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.