Sysroad Targeted: LockBit3 Ransomware Attack
Incident Date:
May 27, 2024
Overview
Title
Sysroad Targeted: LockBit3 Ransomware Attack
Victim
Sysroad
Attacker
Lockbit3
Location
First Reported
May 27, 2024
Ransomware Attack on Sysroad by LockBit3
Victim Overview
Sysroad, a private company founded in 2013, specializes in the integration of high-value-added IT and telecoms solutions. Known as a leader in their field, Sysroad employs between 51 and 200 people. The company offers a range of services related to system administration and road traffic management, including traffic control systems, toll collection systems, parking management systems, and intelligent transportation systems. Additionally, they provide consulting services for system design, implementation, and maintenance, as well as training programs for professionals in the field.
Attack Overview
The LockBit3 ransomware group targeted Sysroad.com, leaking data and demanding a ransom. The cybercriminals threatened to publish the company's sensitive information if the ransom was not paid by a specified deadline. Reports indicate that LockBit3 has caused around twenty victims in Senegal, including Sysroad.
Ransomware Group Profile
LockBit3, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that continues the legacy of LockBit and LockBit 2.0. This group is considered one of the most dangerous and disruptive ransomware threats currently active. LockBit3 encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The ransomware is heavily obfuscated and protected against analysis, making it difficult for security researchers to study and counter.
Company Vulnerabilities
Sysroad's role in integrating high-value-added IT and telecoms solutions may have made them a target for threat actors like LockBit3. The company's involvement in system administration and road traffic management involves handling sensitive data and critical infrastructure, increasing their vulnerability to cyberattacks. Furthermore, Sysroad's size and industry leadership could have attracted ransomware groups seeking high-profile targets.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.