LockBit3 Ransomware Strikes Workscapes: A Targeted Attack on Office Furniture Company
Incident Date:
May 27, 2024
Overview
Title
LockBit3 Ransomware Strikes Workscapes: A Targeted Attack on Office Furniture Company
Victim
Workscapes
Attacker
Lockbit3
Location
First Reported
May 27, 2024
Ransomware Attack on Workscapes by LockBit3
Victim Overview
Workscapes is a woman-owned company specializing in providing office furniture, architectural products, and space planning services to commercial customers, higher education, healthcare, and government markets. The company stands out as a full-service office dealership offering a broad range of products and services to plan, furnish, and equip interior environments. Workscapes has 115 employees at its headquarters in Tampa, Florida, with reported revenue of $78.7 million.
Attack Overview
LockBit3, a sophisticated ransomware group, targeted Workscapes, compromising an unspecified amount of data. The details and size of the leaked data remain unknown. LockBit3 is an evolution of the LockBit ransomware group, renowned for its advanced capabilities and evasive tactics. This ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. It is heavily obfuscated and protected against analysis, presenting a significant challenge for security researchers.
Ransomware Group: LockBit3
Known as LockBit Black, LockBit3 operates as a Ransomware-as-a-Service (RaaS) group, building on the legacy of LockBit and LockBit 2.0. It follows an affiliate-based ransomware approach, actively recruiting affiliates to expand its attack volume. LockBit3 has targeted a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC.
Company Vulnerabilities
Workscapes may have been targeted due to the sensitive nature of the data they handle as a prominent player in the office furniture and design industry. The company's extensive client base and involvement in designing office spaces for various sectors could have made it an attractive target for ransomware attacks. Additionally, the company's size and revenue likely made it a lucrative target for cybercriminals seeking financial gain through ransomware extortion.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.