LockBit 3.0 Ransomware Attack on Ora, Inc.
Ransomware Attack on Ora, Inc. by LockBit 3.0
Victim Company Profile
Ora, Inc. is a prominent full-service ophthalmic drug and device development firm that has been in operation since 1977. They are known for their expertise in bringing new products from concept to market efficiently, with a focus on ophthalmic care, contract research, clinical research, regulatory affairs, and clinical studies. Ora, Inc. stands out as a leader in the industry, having helped clients secure over 85 product approvals and boasting a team of experienced ophthalmic experts, R&D professionals, and management executives. The company operates under the domain oraclinical.com and is recognized for its contributions to pharmaceutical manufacturing, drug research, and various healthcare sectors. In 2024, Ora, Inc. reported an annual revenue of $77.6 million, showcasing its financial strength and success in the industry.
Company Vulnerabilities
The firm may have been targeted by threat actors due to its significant presence in the ophthalmic drug and device development sector. The company's valuable intellectual property, research data, and client information could have made it an attractive target for cybercriminals. Additionally, the company's large workforce of 552 employees and global operations may have provided multiple entry points for attackers to exploit.
Ransomware Group LockBit 3.0
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from previous versions of LockBit. This ransomware group has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features such as file encryption, desktop modifications, and the ability to move laterally through networks.
LockBit May Attacks
This ransomware attack on Ora, Inc. is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit resurfaced with increased activity, targeting over 50 victims within hours of reactivating its platform. The group's resurgence highlights the need for enhanced international cooperation to combat cybercrime effectively. LockBit's recent activities have targeted various industries globally, emphasizing the importance of proactive measures and collaborative intelligence sharing to counter such threats.
Overall, the ransomware attack on Ora, Inc. by LockBit 3.0 highlights the increasing sophistication and danger posed by ransomware groups in targeting organizations across various industries.
Sources:
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!