Lockbit 3.0: A threat to corporate IT security
Ransomware with a global reach
Since its appearance in 2019, Lockbit 3.0 has been one of the most formidable ransomware programs in the digital world. With over 1700 attacks listed worldwide since 2020, including renowned companies such as Thales, Continental and TSMC, its presence poses a serious threat to organizations IT security.
Decline of a giant
February 20, 2024 marked a turning point in the fight against this threat, with the dismantling of Lockbit during a vast international police operation named 'cronos'. Coordinated by Europol and the National Crime Agency, this investigation launched in 2022 resulted in the seizure of almost 200 crypto-currency wallets, the dismantling of 34 servers and the recovery of over 1,000 decryption keys worldwide.
Following this intervention, the LockBit 3.0 showcase site was no longer accessible, nor was the portal used for negotiations. Instead, an image was displayed with the message: "This site is now under law enforcement control".
An unexpected comeback
However, despite these efforts, Lockbit is still active. On February 25, 2024, the group relaunched its activities with a new showcase site based on the same structure as the old one, with already, new victims. In addition, a statement against the FBI and the 'cronos' operation was released.
Lockbit examined the vectors that facilitated the law enforcement operation. The head of the group acknowledged his errors, admitting "negligence" and "lack of responsibility" in delaying the update of Lockbit PHP servers. This oversight gave the authorities the opportunity to exploit a security flaw in the PHP programming language.
News
A major food industry company engaged DATIVE to regain control over its OT network. Through a full asset inventory and both logical and physical mapping, the site was able to rediscover its true industrial architecture, secure its operations, and strengthen its cybersecurity posture.
Industrial projects involving hydrogen impose particularly high standards. Safety, reliability and operational continuity are inseparable. DATIVE supports an industrial client specialising in the development of carbon-free hydrogen solutions. Its business relies on sensitive industrial infrastructure subject to stringent technical and regulatory constraints. In this context, industrial cybersecurity cannot be limited to a theoretical or generic approach. It must be finely integrated into the actual operation of the facilities and support operational performance. We are currently supporting this client on key OT cybersecurity issues. Our objective is to provide visibility, secure exchanges and enable informed technical decisions.
In the pharmaceutical sector, industrial cybersecurity is no longer just about protecting sensitive data. It now underpins the reliability of every medicine produced, the continuity of production, and the trust placed by health authorities. Faced with interconnected OT infrastructures, strict regulatory obligations and critical public health stakes, DATIVE supports manufacturers in securing their critical environments and sustainably improving their operational performance.
When an industrial network becomes unstable, pharmaceutical production feels the impact immediately. We were engaged to understand, diagnose, and stabilize an environment where each interruption could jeopardize the production of a vital drug. Here is how our team conducted the network audit for a global pharmaceutical leader to restore performance, stability, and cybersecurity.
A local authority in Savoie operating around twenty wastewater treatment plants (WWTPs) tasked our DATIVE experts with an industrial cybersecurity assessment. Objective: identify OT vulnerabilities, secure the infrastructure, and build a robust action plan to reinforce resilience against cyber threats.