LockBit 3.0 Ransomware Attack on Grand Indonesia

Incident Date: May 07, 2024

Attack Overview

VICTIM

Grand Indonesia

INDUSTRY

Retail

LOCATION

Indonesia

ATTACKER

Lockbit

FIRST REPORTED

May 7, 2024

Request Removal

Ransomware Attack on Grand Indonesia by LockBit 3.0

Attack and Company Overview

A premium shopping mall located in Central Jakarta, Indonesia, Grand Indonesia, was targeted in a cyberattack by the LockBit 3.0 ransomware group. The mall is owned by PT. Djarum, a subsidiary of the Djarum Group, and is managed by PT. Grand Indonesia. It consists of a shopping mall, office tower, hotel, and serviced residential tower, offering a wide range of fashion apparel, restaurants, and entertainment options.

Company Size and Industry Standing

Grand Indonesia is a significant player in the retail sector, with a total area of approximately 263,226 square meters and over 140,000 square meters of leasable floor space. The mall hosts international brands, anchors like Seibu Department Store and CGV Cinemas, and various dining options, making it a popular destination for both locals and tourists.

Vulnerabilities and Targeting

As a high-profile retail complex, Grand Indonesia stands out in its industry due to its size, diverse offerings, and central location. These factors may have made it an attractive target for threat actors like the LockBit 3.0 ransomware group. The group is known for its advanced capabilities, including file encryption, obfuscation, lateral movement within networks, and covering its tracks effectively.

Ransomware Group Distinctions

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. It has been actively recruiting affiliates and expanding its attack volume across various devices and operating systems. The ransomware is highly obfuscated, making it challenging for security researchers to analyze, and it has been used to target a wide range of organizations globally, including major companies like Boeing and ICBC.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, where the group resurfaced following the disruption of its infrastructure in February. Despite law enforcement efforts, LockBit swiftly targeted over 50 victims, showcasing its global reach and adaptability. The group's resurgence highlights the need for enhanced international cooperation and proactive cybersecurity measures to combat cybercrime effectively.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.