Ransomware Attack on Sripatum University: LockBit 3.0
Incident Date:
May 9, 2024
Overview
Title
Ransomware Attack on Sripatum University: LockBit 3.0
Victim
Spiratum University
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Sripatum University by LockBit 3.0
Victim Profile
Sripatum University, formerly known as Thai Suriya College, is one of the oldest private universities in Bangkok, Thailand. Established in 1970, the university offers a wide range of undergraduate and postgraduate programs in fields such as Business Administration, Communication Arts, Engineering, Information Technology, Design and Creative Arts, Health Sciences, Law, Social Sciences, Education, and Languages and Literature. Sripatum University aims to create well-rounded students who are enthusiastic about knowledge and self-development, providing them with a solid foundation for their future endeavors.
Company Size and Industry Standing
Sripatum University is a prominent educational institution in Thailand, known for its diverse academic programs and commitment to student development. With a history dating back to 1970, the university has established itself as a leader in the education sector, offering quality education and fostering a culture of learning and growth among its students.
Attack Overview
The ransomware attack on Sripatum University involved the exfiltration of sensitive data, including accounting records, student information, financial data, and personally identifiable information (PII). The attackers utilized ransomware techniques to compromise the university's systems, leading to the leakage of a sample of the exfiltrated data online.
Ransomware Group Analysis
LockBit 3.0, also known as LockBit Black, is a sophisticated ransomware group that operates under a Ransomware-as-a-Service (RaaS) model. The group has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations globally. LockBit 3.0 is known for its advanced encryption techniques, obfuscation methods, and the ability to move laterally through networks, making it a formidable threat in the cybersecurity landscape.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.