Ransomware Attack on Kimmel Corporation by LockBit 3.0

Attack Overview

Kimmel Corp. was targeted by a cybercrime attack involving LockBit 3.0 ransomware, resulting in the theft of 100 GB of sensitive data, including contracts, employees and users' data, accounting data, and more. A sample of the exfiltrated data was leaked, causing significant disruption and potential data compromise for the company. The attack did not specify a ransom demand, indicating the severity of the breach.

Victim Profile

Kimmel Corporation, a 4th generation family-owned and operated company, offers a range of services including uniforms, towels, and aprons for various industries. The company emphasizes providing solutions that are supplied and fresh, with a focus on maintaining a clean and safe environment for businesses. They utilize radio frequency identification (RFID) chips sewn into garments for tracking purposes. The company operates primarily in the Consumer Services sector, offering uniform, mat, linen, and facility services. Their commitment to providing clean and safe environments for clients sets them apart in the industry. Kimmel Corporation also provides custom company apparel and prides itself on fulfilling its promises over its 4 generations of operation.

Ransomware Group Profile

The LockBit 3.0 ransomware group is an evolution of the LockBit group, known for its advanced capabilities and evasive tactics. LockBit 3.0 operates under a Ransomware-as-a-Service (RaaS) model, actively recruiting affiliates to target a wide range of businesses and critical infrastructure organizations. The ransomware encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes, making it a highly disruptive threat in the cybersecurity landscape.

Possible Penetration Methods

LockBit 3.0 distinguishes itself by its advanced features, including the ability to move laterally through a network via group policy updates and delete traces of itself to cover its tracks. The ransomware is heavily obfuscated and protected against analysis, making it challenging for security researchers to study. Its modular and evasive nature makes it harder to detect and defend against, posing a significant risk to organizations like Kimmel Corporation.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group, resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.

Sources:

• Kimmel Corporation Website
• Times of India - LockBit 3.0 Article
• SentinelOne - LockBit 3.0 Information