Lockbit3 attacks Traveldoc

Incident Date: August 18, 2022

Overview

Title: Lockbit3 attacks Traveldoc

Victim: Traveldoc

Attacker: Lockbit3

Location: London W1U 7EU, United Kingdom; England, United Kingdom

First Reported: August 18, 2022

Traveldoc, a Hamilton Travel Clinic, Suffers Ransomware Attack by Lockbit3

Traveldoc, a Hamilton travel clinic that has been providing specialized counselling and travel vaccinations since 1989, has been targeted by the ransomware group Lockbit3. The clinic offers a range of health services, including yellow fever vaccines and the medicines needed for safe travel outside of Canada to protect against potentially life-threatening diseases like malaria and typhoid fever. The clinic's Medical Director, Dr. Walter Owsianik, has been serving the Hamilton, Ontario, area for over 30 years.

The clinic's website, http://traveldoc.ca, provides comprehensive, up-to-date information on health and safety risks for global destinations, including the latest computerized health advisories on current diseases and outbreaks around the world. The clinic is wheelchair accessible, with two accessible parking spots in the back lot, a paved path leading to the front entrance equipped with a push-button door opener, an elevator, and a wheelchair-accessible bathroom.

Vulnerabilities and Impact

Ransomware attacks often start with unpatched vulnerabilities, and the results can be particularly brutal for victims. In the healthcare sector, where sensitive patient data is at stake, the consequences of a ransomware attack can be severe. The larger the environment, the greater the challenge in understanding the attack surface and maintaining the necessary tools and technologies.

Lockbit3 is known for exploiting unpatched vulnerabilities in applications and tools used by businesses. The group has been observed using ProxyShell and Log4Shell, both of which had existing patches at the time of compromise. The use of zero-day vulnerabilities and one-day flaws by ransomware actors is on the rise, with threat actors increasingly focusing on stealing sensitive data and extorting victims by threatening to sell or leak the data.

Mitigation Strategies

To mitigate the risk of ransomware attacks, organizations should prioritize patching newly disclosed vulnerabilities, understand the adversary, the threat surfaces, and the techniques used, and develop the products, processes, and people needed to stop a modern ransomware attack. Implementing platforms for endpoint detection and response (EDR), security orchestration, automation, and response (SOAR), and active application security management (ASM) can also help reduce ransomware risk.

The ransomware attack on Traveldoc highlights the importance of maintaining up-to-date security measures and patching vulnerabilities to prevent such attacks. As the healthcare sector continues to be a target for ransomware groups, it is crucial for organizations to prioritize cybersecurity and implement robust security measures to protect sensitive patient data.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time tracking of ransomware attacks, groups and their victims. Given threat actors' overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.