lockbit3 attacks upLexis

Incident Date:

August 28, 2022

World map



lockbit3 attacks upLexis






Várzea da Barra Funda, Brazil

São Paulo - SP, Brazil

First Reported

August 28, 2022

upLexis Suffers Ransomware Attack by Lockbit3

upLexis, a Brazilian company specializing in background checks and due diligence, has been targeted by the ransomware group Lockbit3. The attack was announced on the group's dark web leak site. The company operates in the Business Services sector, providing a platform for businesses to streamline background check and due diligence processes.

Company Overview

upLexis offers a platform called upMiner, which is designed to help businesses collect information about individuals and companies. The platform aims to simplify and improve the process of background checks and due diligence, enhancing the efficiency of risk analysis and strategic decision-making.

Vulnerabilities and Targeting

The specific vulnerabilities that led to the successful attack by Lockbit3 are not detailed. However, ransomware attackers often exploit software vulnerabilities, use brute-force credential attacks, engage in social engineering, leverage previously compromised credentials, or abuse trust opportunities.

Response and Mitigation

The Cybersecurity and Infrastructure Security Agency (CISA) provides a comprehensive guide for responding to ransomware attacks, including detection and analysis, preserving evidence, and following trusted guidance for the specific ransomware variant. It is crucial for organizations to have a plan in place to prevent, detect, respond to, and recover from ransomware attacks.

The ransomware attack on upLexis by Lockbit3 underscores the critical importance of cybersecurity measures for businesses across all sectors. Companies should be vigilant about potential vulnerabilities and take proactive steps to protect their systems from ransomware and other cyber threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.