Ransomware Attack on ACFIN SA by LockBit 3.0

Incident Date:

May 13, 2024

World map

Overview

Title

Ransomware Attack on ACFIN SA by LockBit 3.0

Victim

ACFIN SA

Attacker

Cactus

Location

Las Condes, Chile

, Chile

First Reported

May 13, 2024

Ransomware Attack on ACFIN SA by LockBit 3.0

Victim Overview

ACFIN SA, a financial consulting company based in Chile, fell victim to a cyberattack by the cybercrime group LockBit 3.0. The company specializes in financial asset management, excelling in portfolio management and debt-related services. ACFIN operates in Chile, Peru, Mexico, and the United States, offering a wide range of financial services to individuals and companies.

Company Size and Standing

The company has a revenue of $25.1 million and has been recognized for its transparency and credibility in the financial market. The company has received awards for its performance and services, including "Best Portfolio Manager" and "Best Debt Service". ACFIN's team of financial and asset management experts, led by CEO Carlos González, provides high-quality and personalized services to clients.

Attack Details

The cybercrime group LockBit 3.0 targeted ACFIN SA's website, in a ransomware attack that resulted in the exfiltration of approximately 460 GB of sensitive data. The stolen information included client confidential data, personal identification information, financial statements, executives' personal data, and security officer private files. Some of the leaked data has been made available, posing significant risks to the privacy and security of individuals involved.

Ransomware Group Profile

LockBit 3.0 is known for employing ransomware as their attack method and has been observed exploiting vulnerabilities and leveraging malvertising lures for targeted attacks. The group distinguishes itself by using unique encryption techniques to avoid detection and targeting organizations of all sizes across various industries. LockBit 3.0's tactics align with the MITRE ATT&CK Framework, demonstrating a sophisticated understanding of cyber threats.

Penetration of Company Systems

The ransomware group likely penetrated ACFIN SA's systems through vulnerabilities in their network or software. The group may have exploited weaknesses in the company's security measures, such as outdated software, lack of proper patch management, or inadequate employee training on cybersecurity best practices. By leveraging malvertising lures and unique encryption techniques, LockBit 3.0 successfully infiltrated ACFIN's systems and exfiltrated sensitive data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.