Ransomware Attack on Wisconsin Industrial Coatings

Incident Date:

May 9, 2024

World map

Overview

Title

Ransomware Attack on Wisconsin Industrial Coatings

Victim

Wisconsin Industrial Coating

Attacker

Lockbit3

Location

Kaukauna, USA

Wisconsin, USA

First Reported

May 9, 2024

Ransomware Attack on Wisconsin Industrial Coatings

Overview

Wisconsin Industrial Coatings, a company based in the USA, was targeted in a cyberattack by the LockBit 3.0 cybercrime group. The attackers used ransomware to encrypt the company's data, making it inaccessible unless a ransom is paid. It is likely that the victim's website was compromised or used in the attack.

Victim Profile

Wisconsin Industrial Coatings, a company based in Kaukauna, Wisconsin, specializes in industrial coating and sandblasting services. They cater to various industries such as petrochemical, construction, pulp and paper, marine, nuclear, mining, power generation, and water treatment. The company has 32 employees and a revenue of $8.4 million.

Company Standout

The company stands out in the industry by emphasizing the importance of seeking, training, and retaining the best employees, including having NACE Coating Inspectors on staff. They offer in-shop surface preparation and coating applications to the industrial and commercial markets of Wisconsin with field services available nationwide.

Vulnerabilities

Being targeted by threat actors, Wisconsin Industrial Coatings may have vulnerabilities in their cybersecurity defenses that allowed the LockBit 3.0 ransomware group to penetrate their systems. The company's website could have been compromised or used as an entry point for the attack.

Ransomware Group Details

The LockBit 3.0 ransomware group is known for its advanced capabilities and evasive techniques. They encrypt files, modify filenames, change desktop wallpapers, and drop ransom notes on victims' desktops. LockBit 3.0 is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. The group operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to use their malware for attacks.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.