WereWolves attacks David's Bridal

Incident Date: February 16, 2024



David's Bridal




Conshohocken, USA

Pennsylvania, USA

First Reported: February 16, 2024

David's Bridal under Suspected Ransomware Attack

David's Bridal is under a suspected ransomware attack by the WereWolves ransomware group. The impact is unclear, and the company is keeping silent. David's Bridal is a clothing store in the United States that specializes in wedding dresses, bridesmaid dresses, prom and homecoming dresses, quinceañera dresses, flower girl dresses, and other formal wear. It also does alterations. Last year, CION Investment took control of David's Bridal after investing 20 million dollars. With a revolving line of credit and a term loan offered by Bank of America, it was announced that the chain would have 195 stores and 7,000 employees.

The WereWolves Ransomware Group

The WereWolves ransomware group, which emerged in May 2023, employs a variety of cyber attack techniques, notably a variant of the LockBit 3.0 ransomware. Their strategy involves double extortion: they not only encrypt the victim's data but also threaten to release it publicly unless a ransom is paid. While an old version of LockBit was leaked, resulting in various threat actors adopting different versions, WereWolves, a potential LockBit affiliate, appears to operate differently. The group's targeting is diverse, affecting a broad spectrum of industries and businesses worldwide. As of January 2024, they have targeted 23 victims, primarily mid to small-scale enterprises and organizations, indicating a preference for easier targets. They do not seem to focus on specific countries, suggesting a primarily financial motivation.

Recruitment and Operations

The recruitment methods of the WereWolves group are as unconventional as their cyber attacks. Unlike many clandestine cybercrime groups, WereWolves have adopted a more open and lighthearted approach to expanding their team. Their online presence and website serve as a platform for propaganda, information dissemination, and recruitment, which sets them apart. They leverage their online presence to interact with victims and maintain their cybercriminal network, illustrating how modern cybercrime groups exploit the digital landscape for their illicit activities.

The WereWolves ransomware group, which comes from a Russian-speaking background, has targeted sectors ranging from finance to manufacturing. Although their approach seems random, they appear to focus on easily penetrable yet high-impact industries like small to mid-scale services and organizations. This suggests that their operations may not only be financially motivated but also potentially disruptive on a larger scale. Their choice of targets highlights their intent to cause significant operational and financial disruption to extract ransom, affecting sectors vital to various economies and societies. Unusually, their victim lists encompass both Russia and former Soviet countries, as well as countries with historical ties to the Soviet Union.
