lockbit2 attacks zentrum-dreilin...
Incident Date:
March 28, 2022
Overview
Title
lockbit2 attacks zentrum-dreilin...
Victim
zentrum-dreilin...
Attacker
Lockbit2
Location
First Reported
March 28, 2022
Dreiling Maschinenbau GmbH Ransomware Attack
Dreiling Maschinenbau GmbH, a German manufacturing company, has been targeted by the ransomware group Lockbit2. The attack was announced on the dark web leak site of the ransomware group. The company operates in the manufacturing sector and has been in operation for over 40 years, specializing in the development, construction, and installation of special machines, machine tools, and machine components.
Company Overview
Dreiling Maschinenbau GmbH is a family-owned business that has been in operation for over 40 years. They are known for their expertise in the development, construction, and installation of special machines, machine tools, and machine components. The company is located in Thüringen, Germany, and has a strong focus on innovation, producing products ranging from small components to complete ultralight helicopters.
Vulnerabilities and Targeting
The ransomware group Lockbit2 has targeted Dreiling Maschinenbau GmbH, exploiting vulnerabilities in their systems. The exact nature of these vulnerabilities is not specified, but it is known that ransomware groups often exploit known vulnerabilities in software or hardware to gain access to a target's network. In the case of Lockbit2, they have been known to use exposed RDP servers and FortiOS vulnerabilities CVE-2018-13379 and CVE-2020-12812 to gain initial access to an organization's network.
Industry Impact
Ransomware attacks have become increasingly common in various industries, including manufacturing. In 2022, 62% of successful infiltrations in ransomware attacks were via phishing, and the average ransom payment was $812,360. The attack on Dreiling Maschinenbau GmbH is a reminder of the ongoing threat of ransomware to businesses of all sizes and industries.
Mitigation Strategies
To mitigate the risk of ransomware attacks, companies should implement robust cybersecurity measures, including regular software updates, employee training, and the use of backup systems. Additionally, organizations should be prepared to respond quickly and effectively to any potential attack, including having a plan in place for data recovery and communication with law enforcement and cybersecurity experts.
Sources
- Dreiling Maschinenbau GmbH - Homepage
- SOCRadar - Dark Web Profile: Play Ransomware. Available at: https://www.socradar.com
- Spin.AI - Ransomware Tracker 2024. Available at: https://www.spin.ai
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.