lockbit2 attacks Optoma
Incident Date:
June 19, 2022
Overview
Title
lockbit2 attacks Optoma
Victim
Optoma
Attacker
Lockbit2
Location
First Reported
June 19, 2022
Optoma Suffers Ransomware Attack by Lockbit2
Company Overview
Optoma, a leading manufacturer in the display industry, has been targeted by the ransomware group Lockbit2, as reported on their dark web leak site. Optoma is a subsidiary of UnitedHealth Group, which also owns Change Healthcare, a health care payment processor that was hit by a ransomware attack in February 2024. The attack on Change Healthcare has caused significant disruption to the health care system, affecting small and midsize health care providers.
Vulnerabilities and Impact
The ransomware attack on Optoma and its parent company, UnitedHealth Group, has been attributed to the Lockbit2 group. The attack on Change Healthcare involved a type of ransomware called Alphv, which is created by Russian-speaking cybercriminals. The attack on UnitedHealth Group has been described as the most serious incident of its kind leveled against a U.S. health care organization.
The impact of the ransomware attack on Optoma and UnitedHealth Group is still unfolding, with the company working to restore its services and recover from the attack. The attack has caused significant disruption to the health care system, with doctors unable to electronically fill prescriptions and insurance providers unable to reimburse providers.
Response and Recovery
UnitedHealth Group has retained two major cybersecurity companies, Google-owned Mandiant and Palo Alto, to work on recovery from the attack. The FBI, the Department of Health and Human Services, and the Cybersecurity and Infrastructure Security Agency are also providing assistance.
Sources
- NBC News: "Ransomware attack on U.S. health care payment processor 'most serious incident of its kind leveled against a U.S. health care organization'"
- PCMag: "UnitedHealth May Have Paid Ransomware Gang $22M to Fix Prescription Fiasco"
- PCMag: "UnitedHealth Rebuilds Halted Services Following Ransomware Attack"
- TechTarget: "Publicly disclosed U.S. ransomware attacks database"
- Dakota News Now: "Ransomware group 'Blackcat' behind UnitedHealth Group cyberattack"
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.