The notorious LockBit ransomware group has claimed four more victims, bringing its total to thousands of companies targeted since 2019, primarily those headquartered in the United States. This time, the cybercriminals targeted U.S.-based companies Bemes, Inc., Spirit Leatherworks, and Robert F Pagano & Associates, as well as China-based firm Goldwind. While the hackers have claimed responsibility for these attacks, official statements from the affected companies are yet to verify this claim. The LockBit gang allegiance is thought to be with Russian organizations and, according to the U.S. Government, it has extorted approximately $91 million since 2020.
- Bemes, Inc.: A company based in Fenton, Missouri that specializes in the rental, servicing, repair, and sale of respiratory and respiratory-related equipment.
- Spirit Leatherworks: Based in Torrance, California, this company designs, manufactures, and distributes leather goods including bags, belts, and accessories.
- Robert F Pagano & Associates: A business advisory and CPA firm based in Boston, Massachusetts.
- Goldwind: A Chinese multinational that develops, manufactures, and markets wind turbine generators and related parts. It also constructs and operates wind power plants.
LockBit has been active for over four years and uses double extortion tactics, such as encrypting victims’ data and threatening to leak it if their demands are not met. They have targeted organizations worldwide, such as the Royal Mail and Boeing, and implemented innovative attack methods like self-spreading malware technology and double encryption. The Cybersecurity and Infrastructure Security Agency (CISA) reported that LockBit has carried out at least 1,700 cyberattacks on different U.S.-based companies, typically using confidential information as leverage for extortion.