lockbit2 attacks TOVO GOMMA

Incident Date:

March 4, 2022

World map



lockbit2 attacks TOVO GOMMA






San Marco, Italy

Bedizzole, Italy

First Reported

March 4, 2022

TOVO Gomma Suffers Ransomware Attack by Lockbit2 Group

TOVO Gomma, a prominent manufacturer specializing in rubber compounds, sheets, and foam, has recently fallen victim to a ransomware attack orchestrated by the Lockbit2 group. This incident was disclosed on the group's dark web leak site, highlighting the ongoing threats faced by entities operating within the manufacturing sector.

With its operations rooted in Italy, TOVO Gomma is celebrated for its comprehensive product range and adaptability, attributes that have cemented its status on both European and global stages in the rubber market. The company prides itself on manufacturing products exclusively in Italy, utilizing modern facilities and rigorous quality controls over raw materials. Their commitment extends to employing advanced machinery for quality testing of both semi-finished and finished rubber products, alongside developing customized solutions tailored to client specifications. Furthermore, TOVO Gomma demonstrates a strong commitment to environmental sustainability, notably through the implementation of a photovoltaic system.

Despite the lack of explicit details regarding the company's size, TOVO Gomma is described as an ideal partner for the production of rubber semi-finished and finished goods, catering to a diverse range of applications, including the automotive and construction sectors.

The specific vulnerabilities exploited by the Lockbit2 group in this attack remain undisclosed. Nonetheless, it is widely acknowledged that ransomware attacks typically leverage known software or hardware vulnerabilities, or employ social engineering tactics to infiltrate systems. Lockbit2, a group with a history of targeting various industries since at least 2022, is notorious for its operations that encrypt victims' files and demand ransom for their release.

As of now, TOVO Gomma has not released any official communication regarding the ransomware attack. The course of action the company is taking, whether it involves paying the ransom or pursuing alternative recovery methods, remains uncertain.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.