LockBit Ransomware Attack on iteam Technology Solutions S.A.: Details and Impact

Incident Date: Jul 19, 2024

Attack Overview

VICTIM

iteam Technology Solutions S.A.

INDUSTRY

Software

LOCATION

Greece

ATTACKER

Lockbit

FIRST REPORTED

July 19, 2024

Request Removal

LockBit Ransomware Attack on iteam Technology Solutions S.A.

Overview of iteam Technology Solutions S.A.

Established in 1999, iteam Technology Solutions S.A. is a prominent technology solutions provider based in Athens, Greece. The company specializes in delivering a range of IT services and products to large and medium-sized enterprises. Their core services include custom software development, software testing, infrastructure management, business intelligence, and artificial intelligence. Notably, iteam has developed proprietary products such as a Business Process Management System and a Regulatory Compliance Management System. The company is recognized as a Gold Microsoft Certified Partner and collaborates with major industry players like Aegean Airlines through their aviBright unit.

Details of the Ransomware Attack

iteam Technology Solutions S.A. recently fell victim to a ransomware attack orchestrated by the notorious LockBit group. The attack led to significant operational disruptions and potentially jeopardized sensitive client data and internal information. LockBit, known for its sophisticated encryption techniques and high ransom demands, targeted the organization, which employs between 51 and 200 staff members. The attack underscores the growing threat of ransomware within the IT services sector.

About LockBit Ransomware Group

LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in recent years. LockBit employs a combination of RSA-2048 and AES-256 encryption algorithms and uses "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across networks.

Potential Vulnerabilities and Penetration Methods

LockBit likely penetrated iteam Technology Solutions S.A.'s systems by exploiting vulnerabilities in RDP services or unsecured network shares. The ransomware's modular design and encryption techniques make it difficult to detect and analyze. Additionally, LockBit performs checks to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region, indicating a targeted approach. The attack highlights the importance of robust cybersecurity measures, especially for companies in the IT services sector.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.