LockBit3 Ransomware Strikes Cafe Novell SA

Incident Date:

May 27, 2024

World map

Overview

Title

LockBit3 Ransomware Strikes Cafe Novell SA

Victim

Cafe Novell SA

Attacker

Lockbit3

Location

Vilafranca del Penedes, Spain

, Spain

First Reported

May 27, 2024

LockBit3 Ransomware Attack on Cafe Novell SA

Company Overview

Cafe Novell SA, a Spanish company founded in 1958, specializes in producing high-quality coffee products. They offer a variety of coffee blends, coffee machines, and accessories for both home and commercial use. The company is known for its commitment to sustainability and ethical sourcing practices, ensuring responsible and environmentally-friendly coffee production.

Company Size and Revenue

Cafe Novell employs more than 50 employees and generates an annual turnover of between 10 and 50 million euros.

Company Standout

Renowned for its dedication to sustainability, quality, and customer satisfaction, Cafe Novell has received certifications such as ISO 9001 for its production center and commercial offices. They collaborate with organizations like UTZ Certified and Fair Trade to promote responsible coffee farming and consumption.

Victim Vulnerabilities

As a key player in the coffee industry with a notable online presence, Cafe Novell SA may have been targeted by threat actors like the LockBit3 ransomware group due to the valuable customer data they possess. Their reliance on digital systems for operations and customer interactions could have made them susceptible to cyber attacks.

Attack Overview

The LockBit3 ransomware group targeted cafesnovell.com, resulting in the leakage of sample data. This attack likely involved encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on the victim's desktop.

Ransomware Group Profile

The LockBit3 ransomware group, also known as LockBit Black, is an advanced Ransomware-as-a-Service (RaaS) group that has evolved from previous LockBit variants. It is considered one of the most dangerous and disruptive ransomware threats currently active, with features that make it difficult to analyze and defend against.

How the Ransomware Group Operates

Operating under a RaaS model, LockBit3 allows other cybercriminals to use their malware for attacks. The group has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations globally. Known for its advanced infection capacities, customization options, and evasive tactics, LockBit3 is challenging to detect and mitigate.

References

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.