Ransomware Attack on Wisconsin Industrial Coatings
Incident Date:
May 9, 2024
Overview
Title
Ransomware Attack on Wisconsin Industrial Coatings
Victim
Wisconsin Industrial Coating
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Wisconsin Industrial Coatings
Overview
Wisconsin Industrial Coatings, a company based in the USA, was targeted in a cyberattack by the LockBit 3.0 cybercrime group. The attackers used ransomware to encrypt the company's data, making it inaccessible unless a ransom is paid. It is likely that the victim's website was compromised or used in the attack.
Victim Profile
Wisconsin Industrial Coatings, a company based in Kaukauna, Wisconsin, specializes in industrial coating and sandblasting services. They cater to various industries such as petrochemical, construction, pulp and paper, marine, nuclear, mining, power generation, and water treatment. The company has 32 employees and a revenue of $8.4 million.
Company Standout
The company stands out in the industry by emphasizing the importance of seeking, training, and retaining the best employees, including having NACE Coating Inspectors on staff. They offer in-shop surface preparation and coating applications to the industrial and commercial markets of Wisconsin with field services available nationwide.
Vulnerabilities
Being targeted by threat actors, Wisconsin Industrial Coatings may have vulnerabilities in their cybersecurity defenses that allowed the LockBit 3.0 ransomware group to penetrate their systems. The company's website could have been compromised or used as an entry point for the attack.
Ransomware Group Details
The LockBit 3.0 ransomware group is known for its advanced capabilities and evasive techniques. They encrypt files, modify filenames, change desktop wallpapers, and drop ransom notes on victims' desktops. LockBit 3.0 is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. The group operates under a Ransomware-as-a-Service (RaaS) model, allowing other cybercriminals to use their malware for attacks.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.