Ransomware Attack on Morris Group International by LockBit 3.0
Incident Date:
May 16, 2024
Overview
Title
Ransomware Attack on Morris Group International by LockBit 3.0
Victim
Morris Group International
Attacker
Lockbit3
Location
First Reported
May 16, 2024
Ransomware Attack on Morris Group International by LockBit 3.0
Victim Overview
Morris Group International, a family-owned company based in the USA, specializes in manufacturing and distributing a wide range of products for non-residential construction markets. With 2,000 employees and an annual revenue of $77.8 million, the company operates through 28 divisions and partnerships across 27 locations worldwide.
The company offers innovative products such as stainless steel toilets, engineered plumbing, drainage products, vacuum plumbing systems, drinking fountains, and electric water heaters. The company stands out for its global reach, quality manufacturing practices, and custom solutions for customer needs.
Attack Overview
The cybercrime group LockBit 3.0 targeted Morris Group International's website in a ransomware attack. The breach resulted in the misappropriation of 500 GB of sensitive data, including partners, clients, commercial contracts, sketches, chemical properties of products, patents, and subsidiary information.
Ransomware Group Profile
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous LockBit versions. It is considered one of the most dangerous and disruptive ransomware threats, with advanced features and capabilities. The group operates under an affiliate-based ransomware approach and has targeted various organizations globally.
Attack Details
The ransomware group encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The ransomware is heavily obfuscated and has features like lateral movement through networks and self-deletion to cover its tracks. LockBit 3.0 has been used to target major companies and is known for its evasive nature, making it challenging to detect and defend against.
Company Vulnerabilities
Morris Group International's extensive product portfolio, global presence, and commitment to quality manufacturing may have made it an attractive target for threat actors like LockBit 3.0. The company's diverse operations and valuable data could have made it vulnerable to ransomware attacks seeking to exploit sensitive information for financial gain.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.