lockbit2 attacks S. & S. srl
Incident Date:
June 11, 2022
Overview
Title
lockbit2 attacks S. & S. srl
Victim
S. & S. srl
Attacker
Lockbit2
Location
First Reported
June 11, 2022
S. & S. srl Targeted by Lockbit2 Ransomware Group
Company Profile
S. & S. srl, a manufacturing company, has recently fallen victim to the Lockbit2 ransomware group. This incident underscores the vulnerability of the manufacturing sector to cyber-attacks, which often target critical infrastructure and supply chain operations. The specifics of S. & S. srl's operations and its prominence within the industry remain under-researched, highlighting a need for greater transparency and security awareness in the sector.
Vulnerabilities
The exact vulnerabilities exploited in the attack on S. & S. srl by the Lockbit2 ransomware group have not been disclosed. However, it is known that the group leverages compromised valid accounts, exposed Remote Desktop Protocol (RDP) servers, and exploits for FortiOS vulnerabilities CVE-2018-13379 and CVE-2020-12812 to infiltrate networks. This suggests potential lapses in S. & S. srl's cybersecurity practices, particularly in the areas of access control and network security.
Mitigation Strategies
To defend against ransomware and other cyber threats, organizations should adopt comprehensive cybersecurity measures, including:
- Updating software and systems promptly to address security vulnerabilities.
- Implementing strong password policies and multi-factor authentication to secure user accounts.
- Conducting regular employee training on phishing and social engineering defense.
- Maintaining up-to-date backups and testing disaster recovery procedures to ensure business continuity.
- Applying network segmentation and strict access controls to minimize the impact of potential breaches.
- Monitoring network activity for signs of unauthorized access and swiftly mitigating detected threats.
Sources
- Europol. (2024, February 20). Law enforcement disrupt world's biggest ransomware operation.
- SOCRadar. (2024, January 3). Dark Web Profile: Black Basta Ransomware.
- TechCrunch. (2024, February 20). Authorities disrupt operations of notorious LockBit ransomware gang.
- ABC7 News. (2024, n.d.). Oakland ransomware victims never notified.
- SOCRadar. (2023, July 7). Dark Web Profile: Play Ransomware.
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.