LockBit Ransomware Attack on Federated Co-operatives Limited

Federated Co-operatives Limited (FCL), a prominent co-operative organization in Western Canada, has fallen victim to a ransomware attack orchestrated by the notorious LockBit group. The cybercriminals claim to have exfiltrated 10 terabytes of data and have threatened to release this information on August 23, 2023. This incident adds to the challenges FCL is already facing, following a significant cyberattack in late June.

About Federated Co-operatives Limited

FCL is a significant player in Western Canada's economic landscape, serving as a wholesaler to over 160 independent retail co-operatives owned by more than 2 million individual members. The organization operates across several key sectors, including energy, food, agriculture, and home and building supplies. FCL's extensive network and diverse business operations make it a vital contributor to the region's economy, with an estimated revenue between $5 to $10 billion USD.

FCL's commitment to sustainability and community involvement is evident through initiatives like reducing emissions, eliminating waste, and investing in local communities. The organization also supports community programs through the Co-op Community Spaces and the Community Investment Fund.

Attack Overview

The LockBit ransomware group has claimed responsibility for the attack on FCL, stating that they have exfiltrated 10 terabytes of data. The group has threatened to release this data publicly if their ransom demands are not met. The attack has left FCL grappling with the aftermath, and the company has yet to issue a public statement regarding the breach.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Known for its modular ransomware, LockBit encrypts its payload until execution to hinder malware analysis and detection. The group employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. LockBit typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars.

LockBit exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware also performs a check to avoid executing on systems with languages common to the Commonwealth of Independent States (CIS) region.

Potential Vulnerabilities

FCL's extensive operations and large network make it a prime target for ransomware attacks. The organization's reliance on digital infrastructure for its diverse business activities, including energy, food, and agriculture, increases its vulnerability to cyber threats. Additionally, the interconnected nature of its co-operative model, serving over 160 independent retail co-operatives, presents multiple entry points for threat actors.

Sources

• Federated Co-operatives Limited
• SOCRadar: Dark Web Profile - LockBit.0 Ransomware
• TXOne Networks: Malware Analysis - LockBit.0
• Red Piranha: A Look at LockBit.0 Ransomware
• CISA: Ransomware Profile - LockBit.0