- The LockBit ransomware group has extended its list of victims, targeting four additional entities: US-based Bemes, Inc., Spirit Leatherworks, Robert F Pagano & Associates, and China-based Goldwind.
- The websites of Goldwind and Robert F Pagano & Associates experienced loading errors in the wake of the cyberattack, although most of the other affected sites were operating normally.
- Each of the victims has been given a distinct deadline for data release, after which their data could potentially be exposed on the dark web.
- The LockBit ransomware group has been active for over four years, with a history of double extortion tactics.
The LockBit ransomware gang has extended its spree of cyberattacks, with four new victims appearing on its list. The latest entities to be targeted are U.S.-based Bemes, Inc., Spirit Leatherworks, and Robert F Pagano & Associates, along with China-based Goldwind. On attempting to access the websites of these affected entities, most were found to be operating as per usual. Interestingly, however, the websites of Goldwind and Robert F Pagano & Associates experienced loading errors. It remains to be seen if these glitches are connected with the reported LockBit cyberattacks.
The victims have each been given a distinct deadline for data release. The cut-off for China-based Goldwind is December 17, 2023, while the U.S. based victims – Spirit Leatherworks, Robert F Pagano & Associates, and Bemes, Inc. – have been set deadlines of December 21, 2023, December 18, 2023, and December 14, 2023, respectively.
As background, the LockBit ransomware group is known for its double extortion tactics, which involve not only encrypting victims’ data but also threatening to leak it if their ransom demands aren’t met. Estimated to have extorted around $91 million since 2020, the group also employs self-spreading malware technology and double encryption tactics. LockBit has previously targeted prominent global organizations including Royal Mail and Boeing, amongst others.
LockBit first emerged in 2019 and has focused its efforts on hacking numerous companies around the world, with a particular emphasis on U.S.-based businesses. The group has ties to Russian organizations and has been successful in collecting ransom payments totaling tens of millions of dollars over the years.
The Cybersecurity and Infrastructure Security Agency (CISA) estimates that LockBit has conducted at least 1,700 cyberattacks on various U.S.-based entities, extorting money by threatening the release of sensitive information.