LockBit activity over the holidays.
Jan 3, 2023

Local governments, ports, and a children's hospital. (But they're sorry about that children's hospital.)

LockBit ransomware operators launched attacks against the Port of Lisbon and an Ohio town over the past two weeks.

Port of Lisbon hit by ransomware.

Portugal’s Port of Lisbon sustained a cyberattack that took its website offline, CyberNews reports. The extent of the attack is unclear, though port officials stated that operational activity was not compromised. The LockBit gang has claimed responsibility, and also claims to have stolen financial reports, cargo and crew information, customer data, mail correspondence, and contracts. The gang is threatening to publish the stolen data if the ransom isn’t paid by January 18th.

Ohio town suffers LockBit attack.

The town of Mount Vernon, Ohio, was hit by LockBit ransomware on December 19th, the Record reports. The town of 17,000 released the following statement last week:

“On Monday, Dec. 19, 2022, the City of Mount Vernon was made aware of a data breach that occurred at about 3 a.m. that morning.

“The breach occurred through a remote access tool utilized by the City’s information technology (IT) provider, which also affected other clients of that provider. The intruder installed ransomware known as Lockbit, requesting a ransom for access to certain files.

“The impacted departments in the City were Mount Vernon Municipal Court, the Police Department, Auditor’s office and Public Works. The City and its IT provider spent much of last week working to restore these systems by utilizing backup data, and the vulnerable software has been removed from all systems. At this time, the City does not believe that any documents with personal identifiable information (PII) have been removed, or accessed, from City systems.

“The City is working with its insurance provider to have an independent evaluation of the breach conducted to ensure that no PII has been stolen. The City will continue to update the public regarding this situation as new information is received and, if necessary, perform the required notifications if any person’s personal information has been accessed.”

LockBit claims it has a conscience.

LockBit’s operators also claim they’re selective, and avoid hitting targets like hospitals. Thus, BleepingComputer reports, the gang released, without charge, a decryptor for the ransomware used against SickKids, that is, the Toronto Hospital for Sick Children. The gang blamed an affiliate. “We formally apologize for the attack on sikkids.ca and give back the decryptor for free, the partner who attacked this hospital violated our rules, is blocked and is no longer in our affiliate program,” they said.