Ransomware Attack on ITSS Bilişim Hizmetleri by LockBit 3.0

Victim Profile

ITSS Bilişim Hizmetleri is an information technology company based in Istanbul, Turkey. The company provides IT services and solutions to over 100 leading companies across various sectors. Their main focus is on providing contractual hardware and software maintenance services for servers, storage systems, and tape libraries. Their specialization in providing 24/7 maintenance services for a range of server systems sets them apart in the industry.

Attack Overview

ITSS Bilişim Hizmetleri was targeted by the LockBit 3.0 ransomware group, known for its advanced capabilities and evasive tactics. The attackers managed to exfiltrate 33 GB of data from the company, including financial documents and personally identifiable information. This breach poses significant risks to the company's operations and data security.

Ransomware Group Distinction

LockBit 3.0, also referred to as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and expanding its attack volume across various devices and operating systems. The ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. It is heavily obfuscated and difficult to analyze, making it a potent threat in the cybersecurity landscape.

LockBit May Attacks

This ransomware attack on ITSS Bilişim Hizmetleri is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit swiftly resumed its activities, targeting over 50 victims globally. The group's adaptability and resilience highlight the need for enhanced international cooperation and proactive cybersecurity measures to combat cybercriminal networks effectively.

Sources:

• ITSS Bilişim Hizmetleri Website
• Dun & Bradstreet - ITSS Bilişim Hizmetleri
• VMware - LockBit 3.0
• SentinelOne - LockBit 3.0
• Trend Micro - LockBit Ransomware Group