Ransomware Attack on Agapé France by LockBit: Key Details

Incident Date: July 31, 2024


Overview


Victim: Agapé France

Attacker: Lockbit3

Location: Ozoir-la-Ferrière, France

First Reported: July 31, 2024

Ransomware Attack on Agapé France by LockBit

Agapé France, a prominent Christian missionary organization, has recently fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group LockBit. The breach was discovered on August 5, raising significant concerns about the security and privacy of the organization's sensitive information.

About Agapé France

Agapé France, part of the global Cru movement, focuses on evangelism and discipleship within French society. Established in 1983, the organization employs between 100 and 200 individuals and operates primarily within the realm of faith-based services and community support. Agapé France engages specific target groups, including university students, families, and athletes, by addressing existential questions and promoting faith in a culturally relevant manner.

The organization stands out for its multifaceted approach to evangelism, organizing events that encourage dialogue about faith in non-threatening environments. They also place significant emphasis on supporting couples and families, utilizing fine arts and digital media to communicate their message effectively. Specialized initiatives like "Agapé au Féminin" and the Agapé Hub in Paris further highlight their commitment to community engagement and spiritual development.

Attack Overview

The ransomware attack on Agapé France was claimed by LockBit via their dark web leak site. While the exact size of the data leak remains unknown, the incident underscores the growing threat of ransomware attacks on non-profit and religious organizations. The attack has raised alarms about the vulnerabilities in Agapé France's cybersecurity measures, particularly given their reliance on digital media and online resources to fulfill their mission.

About LockBit

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Its modular ransomware keeps its payload encrypted until execution, and the group employs "double extortion" tactics: it exfiltrates sensitive data and threatens to release it publicly if the ransom is not paid. The group uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and demands payment in Bitcoin.

LockBit distinguishes itself by exploiting vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware also performs checks to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed and changes to the victim's computer wallpaper.

Potential Vulnerabilities

Agapé France's reliance on digital media and online resources makes it a prime target for ransomware attacks. The organization's extensive use of digital platforms to distribute films, study guides, and other resources could have provided multiple entry points for the ransomware. Additionally, the lack of robust cybersecurity measures, such as network segmentation and timely software updates, may have contributed to the successful breach by LockBit.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful both financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.