Ransomware Attack on Keuka College by LockBit 3.0

Incident Date: May 16, 2024

Attack Overview
Victim: Keuka College
Industry: Education
Location: USA
Attacker: LockBit
First Reported: May 16, 2024

Victim Overview

Keuka College, a private liberal arts college located in Keuka Park, New York, was targeted by the cybercrime group LockBit 3.0. The college offers undergraduate and graduate programs in liberal arts, health and human services, education, and business. Keuka College is known for its student-centered approach and its Field Period program, providing hands-on learning experiences.

Company Size and Standout Features

As of 2021, Keuka College has 643 employees and generates an annual revenue of $11.4 million. The college stands out for its academic excellence and commitment to experiential learning through real-world settings.

Attack Overview

LockBit 3.0, a dangerous ransomware group, compromised Keuka College's website through a ransomware attack. The attack involved encrypting files, modifying filenames, changing desktop wallpaper, and dropping a ransom note on the victim's desktop. LockBit 3.0 is known for its advanced capabilities, including lateral movement through networks and obfuscation to evade detection.

Company Vulnerabilities

The college's emphasis on academic excellence and its diverse programs may have made it a target for threat actors like LockBit 3.0. The college's website could have been vulnerable to ransomware attacks due to potential security gaps in its systems.

Ransomware Group Details

LockBit 3.0 is a Ransomware-as-a-Service (RaaS) group that targets a wide range of organizations globally. The group distinguishes itself by its modular and evasive nature, making it challenging for security researchers to analyze and defend against. LockBit 3.0 has been used to target major companies like Boeing and ICBC.

Penetration of Company Systems

The ransomware group could have penetrated Keuka College's systems through various means, such as phishing emails, unpatched software vulnerabilities, or weak security configurations. The ransomware group's advanced capabilities allowed it to move laterally through the network and cover its tracks effectively.
