Luxwood Software Hit by Cicada 3301 Ransomware Attack

Incident Date: Oct 18, 2024

Attack Overview
Victim: Luxwood Software Tools
Industry: Software
Location: Canada
Attacker: Cicada 3301
First Reported: October 18, 2024

Ransomware Attack on Luxwood Software Tools by Cicada 3301

Luxwood Software Tools, a prominent player in the construction software industry, has recently fallen victim to a ransomware attack orchestrated by the notorious group Cicada 3301. The breach, discovered on October 18, involved the exfiltration of 60GB of sensitive data, raising significant concerns about the security of Luxwood's proprietary software tools.

About Luxwood Software Tools

Luxwood Software Tools, operating under the registered name The Luxwood Corporation, is a Canadian company based in Barrie, Ontario. Established in 1985, Luxwood specializes in providing innovative software solutions tailored for the construction and building materials industry. Their offerings include advanced tools for design and estimation, facilitating the creation of detailed designs and parts lists for various structures. Luxwood's software integrates seamlessly with systems like point-of-sale, accounting, and project management, enhancing operational efficiency and reducing data entry errors. With an estimated annual revenue of $6.6 million, Luxwood stands out for its comprehensive product offerings and long-term industry partnerships.

Attack Overview

The ransomware attack on Luxwood was executed by Cicada 3301, a group known for its focus on data exfiltration and extortion. The breach involved the theft of 60GB of data, potentially compromising sensitive information related to Luxwood's proprietary software tools. Cicada 3301 provided a sample proof of breach, underscoring the severity of the attack. The group's modus operandi includes using phishing campaigns and brute-forcing VPN credentials to gain initial access, followed by lateral movement and data exfiltration.

About Cicada 3301

Cicada 3301 is a newly emerged Ransomware-as-a-Service (RaaS) and data broker group that gained attention in mid-2024. Unlike traditional ransomware groups, Cicada 3301 focuses on exfiltrating and selling sensitive data rather than demanding quick ransom payments. The group employs a double-extortion model, threatening to release stolen data if demands are not met. Its operations are complex, using tools like PsExec for lateral movement and RClone for data exfiltration. Cicada 3301's unique approach and sophisticated tactics make it a formidable threat in the cybersecurity landscape.

Potential Vulnerabilities

Luxwood's exposure to an attack by Cicada 3301 may stem from its use of VPN appliances and its integration with various systems, which the attackers could have exploited. The group's use of the Brutus botnet for brute-forcing VPN credentials highlights the importance of effective cybersecurity measures to protect against such sophisticated threats.
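The paragraph above attributes initial access to botnet-driven brute forcing of VPN credentials. As an added example (not from the original page or from Halcyon), this detector flags that pattern by counting failures per account across all source IPs, where a per-IP threshold would miss attempts spread over many nodes. The log format, field names and thresholds are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, constructed for this example (not a real appliance's).
LINE = re.compile(r"^(\S+) vpn-gw auth result=(OK|FAIL) user=(\S+) src=(\S+)$")

def detect(lines, window=timedelta(minutes=10), min_fails=5, min_sources=3):
    """Alert per account, not per source IP, so guesses spread across many
    botnet nodes still add up inside one sliding window."""
    recent = defaultdict(deque)   # user -> deque of (time, src) failures
    flagged = set()               # users with an active distributed burst
    alerts = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # skip lines that are not auth events
        stamp, result, user, src = m.groups()
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")
        q = recent[user]
        while q and ts - q[0][0] > window:
            q.popleft()           # expire failures that left the window
        if not q:
            flagged.discard(user)
        if result == "FAIL":
            q.append((ts, src))
            sources = {s for _, s in q}
            if user not in flagged and len(q) >= min_fails and len(sources) >= min_sources:
                flagged.add(user)
                alerts.append(("distributed_bruteforce", user, stamp))
        elif user in flagged:
            # A success right after a flagged burst may be a guessed password.
            alerts.append(("success_after_bruteforce", user, stamp))
            flagged.discard(user)
            q.clear()
    return alerts

# Constructed sample: one attempt per address, so no per-IP threshold fires.
SAMPLE = [
    "2024-10-01T03:00:05Z vpn-gw auth result=FAIL user=jsmith src=203.0.113.10",
    "2024-10-01T03:01:10Z vpn-gw auth result=FAIL user=jsmith src=198.51.100.23",
    "2024-10-01T03:02:40Z vpn-gw auth result=FAIL user=jsmith src=192.0.2.77",
    "2024-10-01T03:04:15Z vpn-gw auth result=FAIL user=jsmith src=203.0.113.99",
    "2024-10-01T03:05:30Z vpn-gw auth result=FAIL user=jsmith src=198.51.100.4",
    "2024-10-01T03:06:00Z vpn-gw auth result=OK user=jsmith src=203.0.113.12",
]

if __name__ == "__main__":
    print(detect(SAMPLE))
```

A `success_after_bruteforce` alert is the one to triage first: it marks an account whose VPN session should be reviewed and whose credentials should be reset.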
