Ransomware Attack on Valley Joist, Inc. by LockBit 3.0
Incident Date:
May 17, 2024
Overview
Title
Ransomware Attack on Valley Joist, Inc. by LockBit 3.0
Victim
Valley Joist, Inc.
Attacker
Lockbit3
Location
First Reported
May 17, 2024
Ransomware Attack on Valley Joist, Inc. by LockBit 3.0
Victim Overview
Valley Joist, Inc. is a company specializing in the design, engineering, and manufacturing of steel joists and steel deck products for the construction industry. With over 6 decades of experience, the company serves customers across the United States. Valley Joist, Inc. operates multiple manufacturing facilities in states like Louisiana, Texas, Tennessee, and others.
Company Profile
Valley Joist, Inc. is a medium-sized company that designs, engineers, and manufactures a full range of steel joist and deck product systems. While the exact revenue and size of the company are not publicly disclosed, Valley Joist, Inc. is considered a notable player in the industry due to its significant presence across the U.S.
Attack Overview
The company was targeted by the LockBit 3.0 ransomware attack, a dangerous and disruptive ransomware threat. The attack technique employed was ransomware, but specific details such as the ransom demand, exfiltrated data amount, or data types were not provided.
Ransomware Group Profile
The LockBit 3.0 ransomware group is an evolution of the LockBit group, operating under a Ransomware-as-a-Service (RaaS) model. LockBit 3.0, also known as LockBit Black, is an advanced variant of the ransomware that emerged in 2022. It encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study.
Company Vulnerabilities
The company may have been targeted by threat actors due to its presence in the construction sector and its role in providing steel joists and deck products for commercial, industrial, and institutional buildings. The company's operations and manufacturing facilities across multiple states could have made it an attractive target for cybercriminals seeking to disrupt critical infrastructure.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.