lockbit3 attacks Traveldoc
Incident Date: August 18, 2022
Overview
Title: lockbit3 attacks Traveldoc
Victim: Traveldoc
Attacker: Lockbit3
Location:
First Reported: August 18, 2022
Traveldoc, a Hamilton Travel Clinic, Suffers Ransomware Attack by Lockbit3
Traveldoc, a Hamilton travel clinic that has been providing specialized counselling and travel vaccinations since 1989, has been targeted by the ransomware group Lockbit3. The clinic offers a range of health services, including yellow fever vaccines and the medicines needed for safe travel outside Canada to protect against potentially life-threatening diseases such as malaria and typhoid fever. The clinic's Medical Director, Dr. Walter Owsianik, has been serving the Hamilton, Ontario, area for over 30 years.
The clinic's website, http://traveldoc.ca, provides comprehensive, up-to-date information on health and safety risks for global destinations, including the latest computerized health advisories on current diseases and outbreaks around the world. The clinic is wheelchair accessible, with two accessible parking spots in the back lot, a paved path leading to the front entrance equipped with a push-button door opener, an elevator, and a wheelchair-accessible bathroom.
Vulnerabilities and Impact
Ransomware attacks often start with unpatched vulnerabilities, an attack vector that can be particularly brutal for victims. In the healthcare sector, where sensitive patient data is at stake, the consequences of a ransomware attack can be severe. The larger the environment, the greater the challenge in understanding the attack surface and maintaining the necessary tools and technologies.
Lockbit3 is known for exploiting unpatched vulnerabilities in applications and tools used by businesses. The group has been observed using ProxyShell and Log4Shell, both of which had existing patches at the time of compromise. The use of zero-day vulnerabilities and one-day flaws by ransomware actors is on the rise, with threat actors increasingly focusing on stealing sensitive data and extorting victims by threatening to sell or leak the data.
Mitigation Strategies
To mitigate the risk of ransomware attacks, organizations should prioritize patching newly disclosed vulnerabilities, understand the adversary, the threat surface, and the techniques used, and develop the products, processes, and people needed to stop a modern ransomware attack. Implementing platforms for endpoint detection and response (EDR), security orchestration, automation, and response (SOAR), and active application security management (ASM) can also help reduce ransomware risk.
The ransomware attack on Traveldoc highlights the importance of maintaining up-to-date security measures and patching vulnerabilities to prevent such attacks. As the healthcare sector continues to be a target for ransomware groups, it is crucial for organizations to prioritize cybersecurity and implement robust security measures to protect sensitive patient data.