lockbit3 attacks AB Birštono sanatorija „Versmė"

Incident Date:

August 7, 2022

World map



lockbit3 attacks AB Birštono sanatorija „Versmė"


AB Birštono sanatorija „Versmė"




Srugos, Lithuania

Birštonas, Lithuania

First Reported

August 7, 2022

AB Birštono sanatorija "Versmė" Suffers Ransomware Attack

AB Birštono sanatorija "Versmė," a healthcare services provider based in Lithuania, has been targeted by the ransomware group LockBit3. The attack was announced on the group's dark web leak site. The company operates in the Healthcare Services sector and has been affected by the LockBit ransomware variant, known for its aggressive tactics and data leak site.

Company Overview

AB Birštono sanatorija "Versmė" is a medical spa that offers a range of treatments, including kinesiotherapy, healing baths, healing mud procedures, healing massages, and physiotherapy. The company has a strong reputation for its professional staff and high-quality services, with many clients expressing satisfaction with their experiences.

Vulnerabilities and Mitigation Strategies

Ransomware attacks often exploit vulnerabilities in outdated software, unpatched systems, or weak passwords. To mitigate the risk of such attacks, it is crucial for organizations to implement robust security measures, such as regular vulnerability scanning, patching, and updating software, and maintaining offline, encrypted backups of data.

In the case of AB Birštono sanatorija "Versmė," the specific vulnerabilities that led to the ransomware attack are not publicly disclosed. However, it is essential for the company to conduct a thorough investigation to identify the root cause of the breach and take appropriate measures to prevent future attacks.

The ransomware attack on AB Birštono sanatorija "Versmė" highlights the importance of robust cybersecurity measures in the healthcare sector. Healthcare organizations must prioritize data-centric security strategies, such as tokenization, and adopt advanced security protocols to protect sensitive patient information.


  • "AB Birštono sanatorija "Versmė": Pagrindinis" - versme.com
  • "Canadian dental service pays ransom in 8base ransomware attack" - SiliconAngle
  • "Russian National Charged with Ransomware Attacks Against Critical Infrastructure" - Justice.gov
  • "Ransomware Prevention and Response for CISOs" - FBI
  • "Stop Ransomware" - CISA

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.