LockBit 3.0 Ransomware Attack on Museu Paraense Emílio Goeldi

Incident Date: May 09, 2024

Attack Overview

Victim: Museu Paraense Emílio Goeldi
Industry: Education
Location: Brazil
Attacker: LockBit
First Reported: May 9, 2024

Ransomware Attack on Museu Paraense Emílio Goeldi by LockBit 3.0

Victim Profile

The Museu Paraense Emílio Goeldi (MPEG) is a Brazilian research institution and museum located in Belém, Pará, Brazil. Founded in 1866, it is a federal research institution within the Brazilian Ministry of Science, Technology and Communication (MCTIC). The museum's primary focus is the scientific study of natural and sociocultural systems in the Amazon area, and it contributes to the cultural memory and development of the region.

Company Size and Standout

The MPEG has a significant presence with a 5.4-hectare zoological and botanical park, a 10-hectare research campus, and a scientific station in the Caxiuanã national forest. It is the oldest scientific institution in the Amazon area, dedicated to the scientific study of natural and socio-cultural systems in the region.

Attack Details

The cyberattack on the Museu Paraense Emílio Goeldi by LockBit 3.0 resulted in the exfiltration of 2 GB of sensitive data, including personally identifiable information (PII) and financial data. The attack used ransomware, which encrypted files, modified filenames, changed the desktop wallpaper, and dropped a ransom note on the victim's desktop.

Industry Vulnerabilities

As a prominent research institution, the museum holds valuable data related to biodiversity, natural sciences, and cultural heritage. This makes it a prime target for threat actors seeking to exploit sensitive information for financial gain or malicious purposes.

Ransomware Group Distinction

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. It is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced features that make it harder to detect and defend against.
