lockbit3 attacks Sunshine Coast Regional District

Incident Date:

September 21, 2022

World map



lockbit3 attacks Sunshine Coast Regional District


Sunshine Coast Regional District




Sechelt, Canada

Vancouver, Canada

First Reported

September 21, 2022

Sunshine Coast Regional District Suffers Ransomware Attack by Lockbit3

About the Victim

The Sunshine Coast Regional District (SCRD), a Canadian regional government, has been targeted by the ransomware group Lockbit3, as reported on their dark web leak site. The SCRD is headquartered in the town of Sechelt and spans approximately 3,700 square kilometers. It serves a population of about 32,000, which includes the town of Gibson, the Sechelt Indian Government District, and several Indigenous reserves. The district is typically accessed via ferry, boat, or plane, as no roads connect it with the rest of the province.

Vulnerabilities and Impact

The attack on SCRD resulted in disrupted IT systems, including an email outage and the website being offline for a period. The SCRD has contracted an external cybersecurity firm to assist with the investigation and has also reported the incident to the British Columbia Office of the Information and Privacy Commissioner (OIPC).

Previous Attack and Response

The SCRD was previously targeted by ransomware in September 2022, but no ransom was paid following the attack. The district follows best practices in relation to data storage and protection.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.