lockbit3 attacks CanadianSolar

Incident Date:

September 11, 2022

World map



lockbit3 attacks CanadianSolar






Guelph, Canada

Ontario, Canada

First Reported

September 11, 2022

Canadian Solar Targeted by LockBit3 Ransomware Group

Canadian Solar, a leading solar technology company, has been targeted by the LockBit3 ransomware group, which claimed responsibility for the attack on their systems and network. The company, which operates in the Energy, Utilities & Waste sector, has been hit with a ransomware attack that has encrypted their systems and network, with the threat of stolen data being published on the dark web if the ransom is not paid.

Company Overview

Canadian Solar is a global solar technology company with a significant presence in the renewable energy sector. They have shipped over 118GW of solar modules and 4.5GWh of battery storage, with a module capacity of 61GW and a battery storage capacity of 20GWh by December 2024. The company has a project pipeline of 27.3GW and an energy project pipeline of 54.8GWh, and they operate in more than 160 countries with subsidiaries in 23 countries and regions on six continents.

Vulnerabilities and Targeting

The energy sector, including companies like Canadian Solar, has been identified as a major target for ransomware attacks, with the fourth-highest number of cyberattacks in 2023, accounting for 10.7% of all attacks. The sector's vulnerabilities include complexities in converging IT and operational third-party risks, as well as historic geopolitical fragmentation. The LockBit3 ransomware group has been particularly active in targeting energy firms, including nuclear facilities and related research entities.

Response and Mitigation

In response to the attack, Canadian Solar has not disclosed any specific details about the ransom demand or the deadline for payment. However, the company has been advised to take a proactive approach to improving their overall ransomware resilience, including identifying vulnerabilities, protecting critical assets, and being prepared for potential attacks.

The LockBit3 ransomware attack on Canadian Solar highlights the ongoing threat of ransomware to the energy sector and the need for companies to be proactive in protecting their systems and networks. As the energy sector continues to be a major target for ransomware attacks, it is crucial for companies to stay informed about the latest threats and to implement robust cybersecurity measures to mitigate the risks.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.