LockBit 3.0 Ransomware Attack on Garage Cretot SAS
Ransomware Attack on Garage Cretot SAS by LockBit 3.0
Victim Company Profile
Garage Cretot SAS, located in France, was targeted by the LockBit 3.0 ransomware group in a recent cyberattack. The company specializes in the sale and servicing of commercial vehicles, including trucks, semi-trailers, and utility vehicles. With over 40 years of experience, Garage Cretot offers services such as sales of new and used vehicles, maintenance and repair services, and leasing options. They represent major brands like IVECO and IVECO BUS and also sell second-hand machines through the Machinetrack platform.
Ransomware Attack Details
The ransomware attack on Garage Cretot involved the exfiltration of 215 GB of data, including scans, financial records, marketing data, and potentially other sensitive information. The attackers, LockBit 3.0, did not issue a specific ransom demand but leaked a sample of the exfiltrated data.
LockBit 3.0 Ransomware Group
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting various businesses and critical infrastructure organizations. The ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. It is highly obfuscated and difficult for security researchers to analyze. LockBit 3.0 has advanced features like lateral movement through networks and self-deletion to cover its tracks.
Company Vulnerabilities
The company may have been targeted by threat actors due to the sensitive nature of the data they handle, including financial records and customer information. The company's reliance on digital systems for sales, servicing, and data management could have made them vulnerable to ransomware attacks. Additionally, the high-profile nature of their business, representing major vehicle brands and operating in the consumer services sector, could have made them a lucrative target for cybercriminals.
LockBit May Attacks
This ransomware attack on Garage Cretot SAS is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit resurfaced with increased activity, targeting over 50 victims within hours of reactivating its platform. The group's ability to regroup and strike back efficiently raises concerns about current strategies' adequacy in combating cybercrime. LockBit's recent activities have affected diverse industries globally, emphasizing the need for proactive measures and international collaboration to counter such cybercriminal networks effectively.
Sources:
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!