LockBit3 Ransomware Group Targets Competenz in New Zealand

Overview of Competenz

Competenz is a New Zealand-based industry training organization dedicated to providing vocational education and training across various sectors. Their mission is to develop a skilled workforce through a range of training programs, apprenticeships, and qualifications tailored to meet industry needs. Collaborating closely with employers, industry associations, and educational institutions, Competenz ensures their training solutions are relevant and up-to-date with current industry standards and practices.

Each year, Competenz partners with over 3,500 companies and supports more than 20,000 learners across 36 industries. They facilitate apprenticeships and on-the-job training, matching apprentices with employers and providing ongoing support throughout the training process. This includes monitoring progress, offering guidance, and ensuring that both apprentices and employers fulfill their obligations.

Details of the Ransomware Attack

On June 26, 2024, the ransomware group LockBit3 claimed responsibility for an attack on Competenz via their dark web leak site. The attackers have threatened to publish the organization's sensitive data, including passports, financial records, and banking information. This attack has raised significant concerns about the security of the personal and financial information of both the learners and the companies associated with Competenz.

About LockBit3 Ransomware Group

LockBit, also known as LockBit Black, is a highly sophisticated ransomware-as-a-service (RaaS) group active since September 2019. It has become the most active ransomware group, responsible for over one-third of all ransomware attacks in the latter half of 2022 and the first quarter of 2023. LockBit employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid.

LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files. The ransomware is designed to exploit vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network. Additionally, it performs a check to avoid executing on computer systems with installed languages common to the Commonwealth of Independent States (CIS) region.

Potential Vulnerabilities and Penetration Methods

Competenz, like many organizations, may have been vulnerable to ransomware attacks due to several factors. These could include inadequate network segmentation, outdated software, and insufficient security patches. The use of Remote Desktop Protocol (RDP) services and unsecured network shares could have provided an entry point for the LockBit3 ransomware. Additionally, social engineering tactics such as phishing emails could have been employed to gain initial access to the organization's systems.

Impact on Competenz and the Education Sector

The ransomware attack on Competenz highlights the growing threat of cyberattacks on the education sector. The potential exposure of sensitive data could have severe implications for the individuals and companies involved with Competenz. This incident underscores the importance of robust cybersecurity measures and the need for continuous vigilance against evolving cyber threats.

Sources

• Competenz Official Website
• TXOne Networks: Malware Analysis - LockBit 3.0
• Australian Cyber Security Centre: Ransomware Profile - LockBit 3.0