Key Points:
- The LockBit ransomware group has targeted and claimed four new victims: Bemes, Inc., Spirit Leatherworks, and Robert F. Pagano & Associates in the US, and Goldwind in China.
- The ransomware gang uses double extortion tactics, encrypting victims’ data and threatening to leak it unless their ransom demands are met.
- The group has been active for over four years and is one of the few ransomware groups to use self-spreading malware technology and double encryption.
The recent wave of cyberattacks by the LockBit ransomware group has affected four new entities. US-based companies Bemes, Inc., Spirit Leatherworks, and Robert F. Pagano & Associates, as well as China-based Goldwind, are the latest victims of these attacks. The official websites of Goldwind and Robert F. Pagano & Associates displayed loading errors, suggesting disruption due to the attacks. However, the group's claims remain unverified pending confirmation from the affected entities.
As part of the cyberattacks, each of the victims faces a distinct data release deadline. China-based Goldwind has been given until December 17, 2023, to meet the group’s demands before its data potentially becomes exposed on the dark web. The other three victims, American companies Spirit Leatherworks, Robert F. Pagano & Associates, and Bemes, Inc., face varying deadlines of December 21, 2023, December 18, 2023, and December 14, 2023, respectively.
LockBit is a Russian-speaking ransomware group that has been active for over four years. The group uses double extortion tactics, threatening to leak the victims’ data unless their demands are met. Over the years, LockBit has launched thousands of attacks on companies globally, with a particular focus on those headquartered in the United States. The group is believed to have collected tens of millions of dollars in ransom payments to date.
The Cybersecurity and Infrastructure Security Agency (CISA) in the US has stated that LockBit has launched at least 1700 cyberattacks on different US enterprises. Typically, the group extorts money by seizing confidential information and using it as leverage. Since appearing in 2019, the group has continued to escalate its efforts, targeting multiple organizations with its dangerous double encryption and self-spreading malware technologies.