Recent news articles have shone a light on LockBit’s current operations which seem to be yielding results in encrypting data and putting a halt to several organizations' operations. The most recent of which is Essendant, a wholesale distributor of stationery and office supplies owned by Staples. The company generates over 5.4 billion USD in annual revenue and employs more than 6,400 people.
Initially, Bleeping Computer reported that Essendant was suffering a major service outage on March 12, 2023.
The service outage prevented customers from placing orders online and the company’s ability to fulfill orders. The outage is understood to have begun on March 6, 2023, and Essendant appears to be still making recovery efforts at the time of writing. During this time, customers have not been able to place orders or contact Essendant's customer care services.
A nightmare for any business dependent on the fast delivery of paid-for goods. On March 15, 2023, the company published an update, stating,
“We’re pleased to report we have reached another important milestone and want to provide an update on the next steps in our recovery process. First, per our anticipated schedule, we successfully completed the clean-up effort on orders that had been in process for distribution at the time of disruption. This significant effort involved the physical capabilities in our distribution facilities and included restoration of more than 150,000 cartons in mid-stage back to inventory. This is just one of many examples of the tremendous work performed by our teams so far this week. As a result, we are now able to move into the next phase of system testing and recovery. Tomorrow, March 16, 2023, we will begin the first steps in the next phase of our work to establish connections with Essendant’s systems and electronic feeds. This is inclusive of end-to-end testing that must be successful before we can launch limited pick, pack, and ship capabilities.”
At the time Bleeping Computer published its article it was still up in the air as to whether the outage was a result of a technical issue or something far more malicious. On March 15, 2023, Bleeping Computer published an article noting that LockBit ransomware operators were claiming responsibility for the attack.
The ransomware operation used its data leak site to make the announcement on March 14, 2023. Essendant despite claims to the contrary still claimed the event was a mere network outage stating,
“Essendant experienced a network outage on Monday, March 6, 2023, resulting in the disruption of certain of our systems. The incident, which was limited to the Essendant network, disrupted certain systems and operations for customers, suppliers, and our carriers. The company mobilized a dedicated team of cross-functional experts who have worked expeditiously to restore all systems as quickly and securely as possible and investigate the nature of the outage.”
The truth might take some time to come out but the result of the ransomware attack, or network outage depending on who you believe, has left many customers in the lurch unable to do their jobs efficiently, let alone Essendant’s own employees.
The Victim List Keeps Growing
LockBit, now on its third iteration, has a habit of being able to take out a victim’s entire operation for extended periods. This was certainly the case with the UK's largest mail delivery service, Royal Mail which suffered outages to several services for several days.
On March 13, 2023, LockBit operators were again to make it public they scalped another high-profile victim. This time operators announced they had stolen and encrypted data belonging to Maximum Industries, a contractor on SpaceX’s books. The Register reported that,
“Ransomware gang Lockbit has boasted it broke into Maximum Industries, which makes parts for SpaceX, and stole 3,000 proprietary schematics developed by Elon Musk's rocketeers. The prolific cybercrime crew also mocked the SpaceX supremo, and threatened to leak or sell on the blueprints from March 20 if the gang's demands to pay up aren't met. This may therefore be a bill Musk can't avoid to reconcile, unlike others, reportedly.”
A response from either Maximum Industries or SpaceX has not been forthcoming, and it still needs to be confirmed if Maximum Industries did indeed suffer a data breach let alone a ransomware attack. ION is yet another high-profile victim of LockBit.
The result of the attack was ION had to suspend trades using their software on several stock exchanges. This ultimately resulted in banks and brokers, who make use of the software, to manually process derivative trades.
The incident prompted the UK’s Financial Conduct Authority (FCA) to investigate the incident noting that they are "aware of this incident and we will continue to work with our counterparts and the firms affected." The FCA regulates British banks and financial services companies.
ION, a third-party software developer, isn't an FCA-regulated business, however, it does provide services to several firms that do fall under the agency's purview.
The ransomware news cycle continues, one week some good news but most of it bad. It is clear that ransomware is still a major hurdle faced by organizations, regardless of the size of the business.