LockBit Ransomware Strikes Indonesia's Top Tinplate Maker

Incident Date: Jul 01, 2024

Attack Overview
VICTIM
Pelat Timah Nusantara (Latinusa), Tbk
INDUSTRY
Manufacturing
LOCATION
Indonesia
ATTACKER
Lockbit
FIRST REPORTED
July 1, 2024

Analysis of the LockBit Ransomware Attack on Pelat Timah Nusantara (Latinusa), Tbk

Company Profile: Pelat Timah Nusantara (Latinusa), Tbk

Pelat Timah Nusantara, commonly known as Latinusa, is Indonesia's premier tinplate manufacturer, established in 1982. The company specializes in producing high-quality tinplate primarily used for packaging in the food and beverage industry. Latinusa stands out in the Southeast Asian market not only due to its strategic location in tin-rich Indonesia but also because of its commitment to sustainability and continuous innovation in packaging solutions. The company is majority-owned by a Japanese consortium, which includes industry giants such as Nippon Steel Corporation and Mitsui Co. Ltd., underscoring its international standards of operation.

Details of the Ransomware Attack

Latinusa fell victim to a ransomware attack orchestrated by the notorious LockBit group, as confirmed by the group's claim on their dark web leak site. This incident highlights significant vulnerabilities, particularly in the cybersecurity measures employed by manufacturing entities deeply integrated with global supply chains. The exact penetration methods remain under investigation, however, LockBit's known tactics include exploiting Remote Desktop Protocol (RDP) vulnerabilities and leveraging phishing attacks to gain initial access.

Profile of the LockBit Ransomware Group

LockBit, a highly sophisticated ransomware-as-a-service (RaaS) operation, has been active since 2019 and is notorious for its aggressive extortion tactics. The group specializes in double extortion, where they encrypt the victim's data and threaten to release it unless a ransom is paid. LockBit uses advanced encryption methods and has a unique capability to avoid detection by not executing in regions associated with the Commonwealth of Independent States (CIS). This strategic operational choice minimizes local scrutiny and potential legal repercussions in those areas.

Potential Entry Points and System Vulnerabilities

Given LockBit's modus operandi, it is plausible that Latinusa's systems were compromised through insufficiently secured network points or through social engineering tactics that tricked employees into granting access. Manufacturing firms like Latinusa are particularly vulnerable due to their extensive reliance on automated systems and interconnected networks that, if not adequately protected, provide multiple entry points for cybercriminals.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.