LockBit 3.0 Ransomware Attack on Ramfoam

Incident Date: May 23, 2024

Attack Overview

VICTIM

Ramfoam

INDUSTRY

Manufacturing

LOCATION

United Kingdom

ATTACKER

Lockbit

FIRST REPORTED

May 23, 2024

Request Removal

LockBit 3.0 Ransomware Attack on Ramfoam

Overview of the Attack

Ramfoam Ltd, a prominent UK-based manufacturer specializing in foam products, has fallen victim to a sophisticated ransomware attack orchestrated by the LockBit 3.0 group. The attack was publicly claimed on LockBit’s dark web leak site, with sensitive company data being exfiltrated and a ransom demand imposed. Specific details about the ransom amount or the exact data compromised have not been disclosed.

About Ramfoam

Ramfoam Ltd is a leading converter and supplier of polyurethane and polyethylene foam in Europe. The company provides a wide range of foam products, including mattresses, pillows, and cushions, and offers custom foam cutting services. With a workforce of 51-200 employees and an estimated revenue of $9 million, Ramfoam serves various industries, including retail packaging and insulation for planes. The company prides itself on being Europe's leading foam converter, known for its extensive range of foam materials and conversion options.

LockBit 3.0 Ransomware Group

LockBit 3.0, also known as LockBit Black, is an advanced variant of the LockBit ransomware family, operating under a Ransomware-as-a-Service (RaaS) model. This model allows affiliates to use the ransomware to conduct attacks, significantly expanding its reach. LockBit 3.0 is known for its enhanced encryption capabilities, obfuscation techniques to avoid detection, and features such as lateral movement through networks and deletion of system logs. These capabilities make it a highly effective and dangerous threat to organizations worldwide.

Details of the Attack

The LockBit 3.0 attack on Ramfoam was likely facilitated through high-volume phishing campaigns, as observed in similar attacks. These campaigns often involve sending emails with malicious attachments that, once opened, deploy the ransomware payload. LockBit 3.0's advanced features enable it to encrypt files, modify filenames, and place a ransom note on the victim's desktop. The ransomware also employs strong encryption algorithms, making it nearly impossible to decrypt files without paying the ransom.

One of the unique aspects of LockBit 3.0 is its double extortion tactic, where the attackers threaten to release stolen data publicly if the ransom is not paid. This method increases the pressure on victims to comply with the demands, as the potential data leak could have severe reputational and financial consequences.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.