Ransomware Attack on Daubert Chemical by LockBit 3.0

Incident Date:

May 16, 2024

World map

Overview

Title

Ransomware Attack on Daubert Chemical by LockBit 3.0

Victim

Daubert Chemical

Attacker

Lockbit3

Location

Chicago, USA

Illinois, USA

First Reported

May 16, 2024

Ransomware Attack on Daubert Chemical by LockBit 3.0

Victim Overview

Daubert Chemical Company, Inc., a leading manufacturer of corrosion prevention products and specialty chemicals, based in Chicago, Illinois, fell victim to a cybercrime attack by LockBit 3.0 ransomware. The company, with approximately 100-250 employees and generating annual revenue of around $36 million, serves industries such as automotive, aerospace, and general manufacturing. Daubert Chemical is known for its commitment to sustainability and innovative product formulations.

Attack Overview

The ransomware attack targeted Daubert Chemical's website, encrypting its data and likely demanding a ransom for its release. LockBit 3.0, an advanced and dangerous ransomware variant, is known for encrypting files, modifying filenames, changing desktop wallpapers, and dropping ransom notes on victims' desktops. The ransomware is heavily obfuscated and difficult to analyze, making it challenging for security researchers to study.

Ransomware Group Details

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous LockBit versions. The group operates under a RaaS model, allowing other cybercriminals to use their malware for attacks. LockBit 3.0 has been used to target a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC. The ransomware group is known for its advanced infection capacities, customization options, and evasive tactics, making it harder to detect and defend against.

Company Vulnerabilities

Daubert Chemical's vulnerabilities in being targeted by threat actors include its global presence, serving various industries, and potentially holding valuable data related to corrosion prevention and specialty chemicals. The company's commitment to sustainability and innovative product formulations may also attract cybercriminals seeking to exploit sensitive information for financial gain.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.