lockbit2 attacks TCCM

Incident Date:

March 2, 2022

World map

Overview

Title

lockbit2 attacks TCCM

Victim

TCCM

Attacker

Lockbit2

Location

Jindrisska, Europe

Nove mesto, Europe

First Reported

March 2, 2022

TCCM Suffers Ransomware Attack by LockBit2

Company Overview

TCCM, a telecommunications company operating in 20 countries across Central and Eastern Europe, serves 140 million potential end customers. The company provides a wide range of services aimed at enhancing connectivity and efficiency within the telecommunications sector. These services encompass business development, channel marketing, financial services, warehousing and distribution, reverse logistics and after-sales management, and product customization.

Vulnerabilities

The specific vulnerabilities exploited in the ransomware attack on TCCM by the LockBit2 group have not been disclosed. LockBit2 is recognized for its aggressive ransomware campaigns, having targeted over 2,000 victims, extorted more than $120 million in ransom payments, and issued ransom demands amounting to hundreds of millions of dollars. Despite law enforcement efforts to disrupt its activities, LockBit2 remains a formidable threat to global organizations.

Mitigation Strategies

To defend against ransomware attacks, organizations are advised to adopt several best practices. These include enabling multifactor authentication, regularly backing up data, ensuring systems are promptly updated, scrutinizing emails before opening them, and adhering to recognized security frameworks. Employing solutions that offer extended detection and response (XDR) and network detection and response (NDR) can further bolster an organization's ability to thwart and address ransomware incidents.

The ransomware attack on TCCM underscores the persistent risk cybercriminals pose to the telecommunications industry. Adopting comprehensive cybersecurity measures and maintaining vigilance against new threats are imperative for companies to protect themselves.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.