LockBit Ransomware Hits Goldstar Metal: Major Cyber Attack Exposes Data Vulnerabilities
LockBit Ransomware Group Targets Goldstar Metal in Devastating Cyber Attack
Overview of Goldstar Metal
Goldstar Metal is a prominent manufacturer and distributor of extruded aluminium products based in Thailand. The company is renowned for its high-quality aluminium extrusion profiles, produced using state-of-the-art equipment and a variety of extrusion presses. Goldstar Metal adheres to international safety and quality control standards, including the JIS H4001:2015 Japanese standard, ISO 9001:2015 accreditation, and the Thai TIS 284-1987 certification. The company also offers post-production surface finishing options such as anodising and powder coating, which enhance the durability and aesthetic appeal of their products.
Details of the Ransomware Attack
On July 19, 2024, Goldstar Metal fell victim to a ransomware attack orchestrated by the notorious LockBit group. The attack was publicly claimed on LockBit's dark web leak site. While the exact size of the data leak remains unknown, the incident has raised significant concerns about the security of Goldstar Metal's sensitive information and operational integrity. The company is currently assessing the full impact of the breach and working to mitigate any potential damage.
About LockBit Ransomware Group
LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. The group is responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and uses "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. The group typically demands payment in Bitcoin, ranging from several thousand to several hundred thousand dollars.
Potential Vulnerabilities and Attack Vectors
LockBit is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. The ransomware also performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region. Indicators of Compromise (IOCs) for LockBit include the creation of a mutual exclusion object (Mutex) when executed, the use of a unique icon, and changes to the victim's computer wallpaper. Goldstar Metal's reliance on advanced manufacturing technologies and extensive digital infrastructure may have made it an attractive target for the ransomware group.
Sources:
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!