Ransomware Attack on Equinox, Inc. by LockBit 3.0

Victim Overview

Equinox, Inc. is a nonprofit human services agency based in New York's Capital Region. They provide a range of services including substance abuse counseling, youth shelter/outreach, and domestic violence support. The organization is known for its comprehensive services and hosts the Annual Equinox Thanksgiving Day Community Dinner, a longstanding tradition in the region. Equinox, Inc. has approximately 65 employees and generates around $8 million in revenue.

Attack Overview

The LockBit 3.0 ransomware group targeted Equinox, Inc., stealing 49 gigabytes of sensitive data. The stolen information included financial documents, bank records, patients' personal data, and financial agreements. A sample of the stolen data was leaked, exposing the organization to potential privacy and financial risks.

Ransomware Group Profile

LockBit 3.0, also known as LockBit Black, is a highly sophisticated Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. The group is known for its advanced encryption techniques, obfuscation methods, and the ability to move laterally through networks. LockBit 3.0 has targeted a wide range of organizations globally, including major companies like Boeing and the US division of the Chinese bank ICBC.

Attack Vulnerabilities

Equinox, Inc. may have been targeted by threat actors due to the sensitive nature of the data they handle, including personal and financial information of vulnerable individuals. The organization's commitment to providing essential services to the community may have made them a prime target for ransomware attacks, as disrupting their operations could have significant repercussions for the people they serve.

Sources:

• Equinox, Inc. Website
• VMware Blog - LockBit 3.0
• SentinelOne - LockBit 3.0
• Times of India - LockBit 3.0
• Wazuh Blog - LockBit 3.0