Ransomware Attack on ACLA GmbH by LockBit 3.0

Victim Overview

ACLA-WERKE GmbH, a German company specializing in manufacturing technical polyurethane elastomer products for the transport and materials handling sectors, fell victim to a cybercrime attack by LockBit 3.0. The company's website was targeted in this ransomware attack. The company operates in the manufacturing industry with a workforce of 16 employees. The company's annual revenue is approximately €29.3 million. A standout feature of the company is its extensive expertise in processing high-grade PUR-elastomers, boasting over 50 years of experience in this field.

Attack Overview

The attacker used ransomware to encrypt ACLA's data, likely aiming to extort a ransom from the victim for the decryption of their information. This attack poses a significant threat to the company's operations and data security.

Ransomware Group Details

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. It is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features and capabilities.

Attack Vector

LockBit 3.0 is known for encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. It can move laterally through a network via group policy updates and delete traces of itself to cover its tracks.

Sources

• Apollo.io - ACLA-WERKE GmbH
• North Data - ACLA-WERKE GmbH
• ACLA-WERKE GmbH Official Website
• Dun & Bradstreet - ACLA-WERKE GmbH
• VMware - LockBit 3.0