LockBit Ransomware Hits Five Star Products in Major Cyber Attack

Incident Date: Sep 15, 2024

Attack Overview
Victim: Five Star Products
Industry: Manufacturing
Location: USA
Attacker: LockBit
First Reported: September 15, 2024

LockBit Ransomware Group Targets Five Star Products in Devastating Cyber Attack

Five Star Products, a specialized manufacturer renowned for its high-performance construction materials, has become the latest victim of a ransomware attack orchestrated by the notorious LockBit group. The attack, which has been explicitly claimed by LockBit on their dark web leak site, has compromised the company's data and systems, highlighting the persistent threat posed by advanced ransomware groups.

About Five Star Products

Founded in 1955, Five Star Products, Inc. is a prominent manufacturer specializing in precision grouting, waterproofing, and concrete restoration solutions. The company operates under a strict quality control system adhering to the ISO 9001-2015 standard, ensuring high-quality outputs from its strategically located manufacturing facilities worldwide. Five Star Products serves a wide array of markets, including the petrochemical, power generation, industrial manufacturing, marine construction, and infrastructure development sectors. Their commitment to innovation is underscored by an extensive portfolio of over 100 patents worldwide.

Attack Overview

The ransomware attack on Five Star Products has likely resulted in the encryption of critical files, rendering them inaccessible. LockBit, known for its sophisticated encryption techniques and aggressive ransom demands, employs a combination of RSA-2048 and AES-256 encryption algorithms. The group uses "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The attack underscores the vulnerabilities that even well-established companies face in the ever-evolving landscape of cyber threats.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit distinguishes itself through its modular ransomware, which encrypts its payload until execution to hinder malware analysis and detection. The group exploits vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network.

Penetration and Impact

LockBit's ability to exploit vulnerabilities in RDP services and unsecured network shares likely facilitated the penetration of Five Star Products' systems. The ransomware performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region, indicating a strategic approach to targeting specific regions. The attack on Five Star Products highlights the critical need for advanced cybersecurity measures to protect against such sophisticated threats.
