New LockBit Cyberattacks: Four Fresh Victims Fall Prey

December 15, 2023
1 min read

The Russian-speaking LockBit ransomware gang has added four new companies to its list of victims. The four latest targets include US-based firms Bemes, Inc., Spirit Leatherworks, and Robert F. Pagano & Associates, and China-based company Goldwind. Particularly notable are the distinct deadlines set for each company’s data release, and the fact that two of the attacked companies’ websites are experiencing loading errors. LockBit has been active for over four years and has extorted approximately $91 million since 2020, according to the US Government. It is worth mentioning that the group has a reputation for using double extortion tactics and is one of the few using self-spreading malware technology and double encryption.

  • US-based healthcare equipment company Bemes, Inc., faces a ransom deadline of December 14, 2023, at 23:22:17 UTC. Bemes specializes in the rental, repair, and sales of respiratory medical equipment.
  • Spirit Leatherworks, a company that designs, manufactures, and distributes leather goods, has a ransom deadline of December 21, 2023, at 04:22:14 UTC.
  • Robert F. Pagano & Associates, a Boston-based CPA and business advisory firm, faces a ransom deadline of December 18, 2023, at 23:23:04 UTC.
  • Chinese multinational company, Goldwind, which manufactures wind turbine generators and related parts, has been given until December 17, 2023, 15:45:06 UTC to pay the ransom.

According to the Cybersecurity and Infrastructure Security Agency (CISA), LockBit has carried out at least 1700 cyberattacks on different US-based firms, typically extorting money by taking confidential information and using it as leverage. It is worth mentioning that the hacker group’s claims need verification, as no official statements from the affected companies have been released yet.

Latest from Blog

EU push for unified incident report rules

TLDR: The Federation of European Risk Management Associations (FERMA) is urging the EU to harmonize cyber incident reporting requirements ahead of new legislation. Upcoming legislation such as the NIS2 Directive, DORA, and