Ransomware Attack on H.L. Lawson & Sons by INC Ransom

H.L. Lawson & Sons, a prominent logistics and warehousing company based in Roanoke, Virginia, has recently fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group INC Ransom. The attack was publicly claimed by the group on their dark web leak site, raising significant concerns about the security of the company's data and operations.

Company Profile

Founded in 1937 by Harry Leland Lawson, H.L. Lawson & Sons, also known as Lawson Companies, has established itself as a leader in the logistics and warehousing sector. The company operates a substantial infrastructure with up to one million square feet of storage space, specializing in general commodity storage and distribution. Their services include Just-In-Time (JIT) inventory programs, cross-docking, and load consolidations, with facilities strategically located for rail-side access.

Lawson Logistics, a division of H.L. Lawson & Sons, manages transportation across the Eastern United States, boasting a fleet of 34 power units equipped with satellite tracking for real-time delivery monitoring. The company employs between 11 to 50 individuals, indicating a small to medium-sized enterprise.

Attack Overview

INC Ransom claims to have infiltrated H.L. Lawson & Sons' systems, gaining access to their database. While the specific details of the compromised data have not been disclosed, the attack highlights the increasing threat of ransomware to businesses. The group's use of double extortion tactics, which involve both encrypting and stealing data, adds pressure on victims to comply with ransom demands.

About INC Ransom

INC Ransom is a sophisticated ransomware group known for targeting corporate and organizational networks. They employ advanced techniques such as spear-phishing and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. The group has been active since 2023 and has targeted various industries, including healthcare, education, and technology. Their attacks often involve double extortion, threatening to release stolen data if ransom demands are not met.

Potential Vulnerabilities

H.L. Lawson & Sons' reliance on integrated logistics solutions and real-time tracking technology may have exposed them to vulnerabilities exploited by INC Ransom. The group's sophisticated methods, including the use of legitimate system tools for reconnaissance and lateral movement, could have facilitated the breach. This incident underscores the critical need for enhanced cybersecurity measures to protect against such advanced threats.

Sources

• H.L. Lawson & Sons Official Website
• SOCRadar - Dark Web Profile: INC Ransom
• SentinelOne - INC Ransom
• Security Affairs - INC Ransom Ransomware Attack on Xerox Corp