lockbit2 attacks ymcad
Incident Date:
March 12, 2022
Overview
Title
lockbit2 attacks ymcad
Victim
ymcad
Attacker
Lockbit2
Location
First Reported
March 12, 2022
YMCA Derbyshire: A Non-Profit Targeted by Lockbit2 Ransomware
YMCA Derbyshire, a non-profit organization that supports individuals and communities in Derby and Derbyshire, has been targeted by the ransomware group Lockbit2. The organization, which has been in operation since 1847, focuses on key areas of work including Health and Wellbeing, Support and Advice, Family and Youth Work, Training and Education, and Housing.
YMCA Derbyshire serves more than 40 communities and employs over 2000 people, with a turnover of $70m a year. The organization's services include gymnastics classes, swimming lessons, camping, out-of-school-hour centres, and youth and community services. Despite its size and the critical nature of its services, YMCA Derbyshire had not considered itself a likely target for cyber attacks, given the assumption that not-for-profit organizations are less vulnerable.
The Lockbit2 ransomware attack on YMCA Derbyshire is not the first such incident in the YMCA network. In 2019, YMCA NSW, another YMCA organization, was hit with a ransomware attack that encrypted its operating system. The attack forced the organization to close its doors, affecting around 15,000 families in NSW.
The YMCA NSW incident serves as a reminder of the importance of robust cybersecurity measures, even for organizations that may not perceive themselves as high-risk targets. The YMCA NSW response involved a quick decision by the board not to pay the ransom, rebuilding systems from scratch, and restoring services using a cloud-based solution.
The Lockbit2 ransomware group has claimed responsibility for the attack on YMCA Derbyshire via their dark web leak site. The victim's website is http://www.ymcaderbyshire.org.uk/.
Sources
- YMCA Derbyshire | Changing Lives in Derby and Derbyshire
- Ransomware incident launched against YMCA of Greater Charlotte - WBTV https://www.wbtv.com/2021/09/14/ransomware-incident-launched-against-ymca-greater-charlotte/
- Quick board response could save your organisation during a ransomware attack - AICD https://aicd.companydirectors.com.au/membership/the-boardroom-report/volume-18-issue-1/quick-board-response-could-save-your-organisation-during-a-ransomware-attack
- Cyberattack: Charlotte YMCA targeted in ransomware incident | Charlotte Observer https://www.charlotteobserver.com/news/local/article254287783.html
- Some members getting alerted about a September ransomware attack, Charlotte YMCA says - DataBreaches.net https://www.databreaches.net/some-members-getting-alerted-about-a-september-ransomware-attack-charlotte-ymca-says/
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.