Ransomware Attack on ACLA-WERKE GmbH by LockBit 3.0

Overview

Falling victim to a cybercrime attack orchestrated by the LockBit 3.0 ransomware group, ACLA-WERKE, a German company, encountered typical ransomware tactics where the attackers encrypted the company's data and demanded payment for its release.

Company Profile

ACLA-WERKE GmbH is headquartered in Köln, Germany. It specializes in manufacturing technical polyurethane elastomer products for the transport and materials handling sector, A. The company operates as a privately held entity in the business support services sector. With an estimated annual revenue ranging from $25-100 million, it sustains a workforce of 100-250 individuals. Renowned for its expansive product range, ACLA-WERKE GmbH produces over 20,000 distinct parts made of polyurethane for high-tech applications.

Vulnerabilities and Targeting

The significant presence of ACLA-WERKE GmbH in the manufacturing sector, coupled with its global footprint, likely attracted the attention of threat actors. Specializing in high-quality components for the automotive industry and technical polyurethane elastomer products, the company's operations present lucrative opportunities for cybercriminals seeking to exploit vulnerabilities in supply chains and critical infrastructure.

LockBit May Attacks

Part of the May 2024 offensive by LockBit 3.0, the ransomware assault on ACLA-WERKE GmbH followed the disruption of LockBit's infrastructure in February during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly resumed its operations, targeting over 50 victims within hours of reactivating its platform. The group's recent onslaughts have spanned diverse industries globally, underscoring the imperative for enhanced international cooperation in combating cybercrime effectively.

Sources:

• ACLA-WERKE GmbH Website
• Owler - ACLA-WERKE GmbH
• North Data - ACLA-WERKE GmbH
• VMware - LockBit 3.0