Three UK organisations have been posted to the dark web victim blog of ransomware gang LockBit in the last week, alongside nine other companies the Russian cybercriminals claim to have breached.
LockBit alleges it has successfully attacked these companies, stealing their data, and has given them a month to respond to its demands before the information is posted to the dark web.
The supposed victims include Scottish law firm Raeburn, Christie, Clark and Wallace; the fire alarm production company Rex Group Services; and trade organisation the Food and Drink Federation. Raeburn, Christie, Clark and Wallace has been given until 19 October to respond to negotiations, whereas the deadline for the others was set at 30 September. The website for Rex Group Services remains down at the time of writing.
LockBit claims to have lifted personal information from the Food and Drink Federation, which represents companies in the food and drink manufacturing industry with more than 1,000 members. “Passports, banks, accounting, juridic [sic], customers and etc private data was downloaded,” the gang claims.
Tech Monitor has contacted the three UK organisations for comment. A spokesperson for the FDF said: “We recently identified that a third party is claiming to have copied and published information from our systems. Based on our investigation, alongside external forensic specialists, we are confident these claims are untrue. Our systems are fully operational and there’s been no disruption to our work.”
The nine other companies posted to LockBit’s blog over the past week include five companies from US Altman Plants, a multi-billion dollar plant conservation company, which had a deadline of 28 September, while online contract management system EZ Pay Buildings’ deadline was set at 30 September.
Mechanical parts manufacturer Solve Industrial Motion Group appears to have a longer deadline of 10 October, while the Fauquier County Public Schools System and Taylored Services have until 18 October.
Also posted to the blog are Palácio dos Leilões from Portugal, Italian company La Spesa in Famiglia and Dutch hotel chain Thermae 2000, as well as Lebanon’s Erga Group Taiwan-based construction company the Chien Kuo Group.
LockBit is one of the most prolific ransomware gangs active today, alongside other Russian criminals Cl0p and BlackCat. The gang appears to target victims indiscriminately, and last month the gang hit headlines for leaking documents from the UK’s Ministry of Defence after attacking one of its suppliers. In August it carried out a cyberattack on Japan’s largest trading port, Nagoya, which completely shut the port down for several hours.
The group amassed 39% of the ransomware victims worldwide from October 2022 to May this year, according to a report released by Akamai. Within those seven months, LockBit successfully attacked 1,091 organisations, according to the research.