Ransomware Attack on Daubert Chemical by LockBit 3.0
Incident Date:
May 16, 2024
Overview
Title
Ransomware Attack on Daubert Chemical by LockBit 3.0
Victim
Daubert Chemical
Attacker
Lockbit3
Location
First Reported
May 16, 2024
Ransomware Attack on Daubert Chemical by LockBit 3.0
Victim Overview
Daubert Chemical Company, Inc., a leading manufacturer of corrosion prevention products and specialty chemicals, based in Chicago, Illinois, fell victim to a cybercrime attack by LockBit 3.0 ransomware. The company, with approximately 100-250 employees and generating annual revenue of around $36 million, serves industries such as automotive, aerospace, and general manufacturing. Daubert Chemical is known for its commitment to sustainability and innovative product formulations.
Attack Overview
The ransomware attack targeted Daubert Chemical's website, encrypting its data and likely demanding a ransom for its release. LockBit 3.0, an advanced and dangerous ransomware variant, is known for encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. The ransomware is heavily obfuscated and difficult to analyze, making it challenging for security researchers to study.
Ransomware Group Details
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous LockBit versions. The group operates under a RaaS model, allowing other cybercriminals to use their malware for attacks. LockBit 3.0 has been used to target a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC. The ransomware group is known for its advanced infection capacities, customization options, and evasive tactics, making it harder to detect and defend against.
Company Vulnerabilities
Daubert Chemical's vulnerabilities in being targeted by threat actors include its global presence, serving various industries, and potentially holding valuable data related to corrosion prevention and specialty chemicals. The company's commitment to sustainability and innovative product formulations may also attract cybercriminals seeking to exploit sensitive information for financial gain.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.