LockBit 3.0 Ransomware Attack on Sonoco Products Company

Incident Date: May 07, 2024

Attack Overview
VICTIM
Sonoco Products Company
INDUSTRY
Manufacturing
LOCATION
USA
ATTACKER
Lockbit
FIRST REPORTED
May 7, 2024

Ransomware Attack on Sonoco Products Company by LockBit 3.0

Victim Company Profile

Sonoco Products Company is a global packaging solutions provider that has been operating since 1899, with a presence in more than 85 nations and 330 global plants. The company emphasizes sustainability and eco-friendly solutions, aiming to address various needs from delivering convenient snacks to reducing food waste and preserving the planet.

They offer packaging solutions for a wide range of markets, including protective packaging for goods like refrigerators and electronics. The company has made significant strides in enhancing its packaging solutions, such as introducing fully recyclable packaging solutions like the EnviroCan® and GreenCan®.

Company Vulnerabilities

Sonoco Products Company, being a global leader in packaging solutions, stands out in the industry due to its commitment to sustainability and innovative packaging solutions. Its extensive operations in over 85 countries and 330 global plants make it a prime target for threat actors like LockBit 3.0. The company's wide range of packaging solutions and services, catering to various markets, provides ample opportunities for cybercriminals to exploit vulnerabilities in their systems and launch ransomware attacks.

Ransomware Group Distinction

LockBit 3.0, also known as LockBit Black, distinguishes itself by being an advanced variant of the LockBit ransomware group. It encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. The ransomware is heavily obfuscated and protected against analysis, making it difficult for security researchers to study.

LockBit May Attacks

This is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group, resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos," a collaborative effort by international law enforcement agencies. Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform, with subsequent attacks adding to the tally. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.

Sources:

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.