Ransomware Attack on Equinox, Inc. by LockBit 3.0

Incident Date:

May 23, 2024

World map



Ransomware Attack on Equinox, Inc. by LockBit 3.0


Equinox, Inc.




Albany, USA

New York, USA

First Reported

May 23, 2024

Ransomware Attack on Equinox, Inc. by LockBit 3.0

Victim Overview

Equinox, Inc. is a nonprofit human services agency based in New York's Capital Region. They provide a range of services including substance abuse counseling, youth shelter/outreach, and domestic violence support. The organization is known for its comprehensive services and hosts the Annual Equinox Thanksgiving Day Community Dinner, a longstanding tradition in the region. Equinox, Inc. has approximately 65 employees and generates around $8 million in revenue.

Attack Overview

The LockBit 3.0 ransomware group targeted Equinox, Inc., stealing 49 gigabytes of sensitive data. The stolen information included financial documents, bank records, patients' personal data, and financial agreements. A sample of the stolen data was leaked, exposing the organization to potential privacy and financial risks.

Ransomware Group Profile

LockBit 3.0, also known as LockBit Black, is a highly sophisticated Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. The group is known for its advanced encryption techniques, obfuscation methods, and the ability to move laterally through networks. LockBit 3.0 has targeted a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC.

Attack Vulnerabilities

Equinox, Inc. may have been targeted by threat actors due to the sensitive nature of the data they handle, including personal and financial information of vulnerable individuals. The organization's commitment to providing essential services to the community may have made them a prime target for ransomware attacks, as disrupting their operations could have significant repercussions for the people they serve.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.