Ransomware Attack on Keuka College by LockBit 3.0
Incident Date:
May 16, 2024
Overview
Title
Ransomware Attack on Keuka College by LockBit 3.0
Victim
Keuka College
Attacker
Lockbit3
Location
First Reported
May 16, 2024
Ransomware Attack on Keuka College by LockBit 3.0
Victim Overview
Keuka College, a private liberal arts college located in Keuka Park, New York, was targeted by the cybercrime group LockBit 3.0. The college offers undergraduate and graduate programs in liberal arts, health and human services, education, and business. Keuka College is known for its student-centered approach and its Field Period program, providing hands-on learning experiences.
Company Size and Standout Features
As of 2021, Keuka College has 643 employees and generates an annual revenue of $11.4 million. The college stands out for its academic excellence and commitment to experiential learning through real-world settings.
Attack Overview
LockBit 3.0, a dangerous ransomware group, compromised Keuka College's website through a ransomware attack. The attack involved encrypting files, modifying filenames, changing desktop wallpaper, and dropping a ransom note on the victim's desktop. LockBit 3.0 is known for its advanced capabilities, including lateral movement through networks and obfuscation to evade detection.
Company Vulnerabilities
The college's emphasis on academic excellence and its diverse programs may have made it a target for threat actors like LockBit 3.0. The college's website could have been vulnerable to ransomware attacks due to potential security gaps in its systems.
Ransomware Group Details
LockBit 3.0, is a Ransomware-as-a-Service (RaaS) group that targets a wide range of organizations globally. The group distinguishes itself by its modular and evasive nature, making it challenging for security researchers to analyze and defend against. LockBit 3.0 has been used to target major companies like Boeing and ICBC.
Penetration of Company Systems
The ransomware group could have penetrated Keuka College's systems through various means, such as phishing emails, unpatched software vulnerabilities, or weak security configurations. The ransomware group's advanced capabilities allowed it to move laterally through the network and cover its tracks effectively.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.