FAAC Ransomware Attack by Lockbit3

Company Information

FAAC, a UK-based company specializing in access automation systems, has recently fallen victim to a ransomware attack by the group Lockbit3. This incident was disclosed on the group's dark web leak site. FAAC provides customer support exclusively within the UK, and while it holds a significant position in its industry, specific details regarding the company's size and market share are not widely publicized.

Vulnerabilities

The precise vulnerabilities exploited in the FAAC ransomware attack remain unspecified. However, it is known that Lockbit3, similar to ALPHV ransomware, initiates its execution using a specific key. Additionally, the malware is designed to dynamically resolve the names of WinAPI functions, a technique aimed at concealing its true import table from static analysis tools, complicating efforts to understand and mitigate the malware's impact.

Previous Attacks

In 2016, FAAC experienced a significant cybersecurity breach that resulted in a financial loss of $55 million, subsequently causing a 17% decline in its stock value. The specifics of this attack, including any potential involvement of the company's CEO, have not been disclosed to the public.

Mitigation Strategies

To safeguard against ransomware and other cyber threats, organizations are advised to implement robust security measures, educate employees on the identification of phishing attempts and other deceptive tactics, and establish internal controls aimed at preventing unauthorized financial transactions.

Sources

• FAAC Website
• Cyber Rescue Library
• Industrial Cybersecurity Pulse
• Sucuri Blog
• Barracuda Blog
• Acronis Cyber Protection Operation Center Report 2022