{"id":6772,"date":"2024-01-29T12:32:52","date_gmt":"2024-01-29T12:32:52","guid":{"rendered":"\/cybersecurity-blog\/?p=6772"},"modified":"2025-01-31T06:55:47","modified_gmt":"2025-01-31T06:55:47","slug":"lockbit-ransomware-attack","status":"publish","type":"post","link":"https:\/\/any.run\/cybersecurity-blog\/lockbit-ransomware-attack\/","title":{"rendered":"LockBit Ransomware Attack on Calvi\u00e0: a Recent Reminder Why Organizations Need Strong Cybersecurity Basics\u00a0"},"content":{"rendered":"\n

<\/p>\n\n\n\n

Ransomware groups are becoming bolder, targeting both government and corporate entities. At ANY.RUN<\/a>, our sandbox is used by over 300,000 researchers who process tens of thousands of malware submissions every day, including ransomware. In this article we\u2019ll aim to provide insight into the Calvi\u00e0 city attack and share information about the threat encountered. <\/p>\n\n\n\n

What happened in Calvi\u00e0? <\/h2>\n\n\n\n

You might have heard that in Majorca, Spain, the city of Calvi\u00e0, a key tourist destination, has been hit by a ransomware attack, causing significant disruption to its municipal services. <\/p>\n\n\n\n

Calvi\u00e0, with a population of 50,000 and an annual tourist influx of 1.6 million visitors, has faced IT outages leading to the suspension of all administrative deadlines for submissions and requests until January 31, 2024. <\/p>\n\n\n\n

Although no major ransomware group has claimed responsibility for the attack, local media reports indicate the attackers demanded \u20ac10 million (about $11 million). The mayor has stated that the city will not pay the ransom. <\/p>\n\n\n\n

Despite the challenge, we at ANY.RUN consistently advise against complying with cybercriminals’ demands. Doing so only encourages them to continue their harmful activities. <\/p>\n\n\n\n

The city’s mayor, Juan Antonio Amengual, revealed that IT specialists are working on a forensic analysis to understand the full scope of the breach and recover affected systems. <\/p>\n\n\n\n

At this point, we know that the threat Calvi\u00e0 municipality faced was the Lo\u0441kBit ransomware. <\/p>\n\n\n\n

What is LockBit Ransomware? <\/h2>\n\n\n\n

LockBit is a ransomware that primarily targets Windows computers but can also encrypt files on Linux and MacOS machines. It is operated by a hacker group that promotes it as the “fastest encryption software in the world.” LockBit is a Ransomware-as-a-Service (RaaS) operation, where they sell access to their ransomware on underground forums, contributing to its widespread use \u2014 this means that it is likely the attack on Calvi\u00e0 wasn\u2019t specifically carried out personally by LockBit creators, but rather by someone who bought access to a control panel from them. <\/p>\n\n\n\n\n

\n\n

\nGet the latest\n LockBit IOCs <\/span>from ANY.RUN\u2019s Malware Trends Tracker\u00a0 \n<\/p>\n\n\nCollect IOCs\n<\/a>\n<\/div>\n\n\n\n