Kearney & Company Data Likely Stolen by LockBit 3.0 Ransomware Gang

A bit more on K&C

• Among the largest CPA firms in the country, Kearney provides services across the financial management spectrum for government entities. Services offered by the company include auditing, consulting, and information technology. In addition, it has improved the efficiency and effectiveness of the Federal Government's financial operations.
• The Lockbit 3.0 gang added Kearney & Company to its list of victims on November 05. If Kearney & Company does not pay the ransom by November 26, 2022, the data will be published. An example of the stolen data is being published by the ransomware gang at the moment, which includes financial documents, contracts, audit reports, and billing records.
• The ransomware gang is demanding the payment of $2M to destroy the stolen data and $10K to extend the timer for 24H.

Recent attacks and developments

• LockBit ransomware groups recently claimed responsibility for hacking Continental and Thales, two major defense companies.
• Earlier this week, LockBit 3.0 was seen spreading via Amadey Bot, found by the ASEC analysis team.

Lockbit’s self-development program

• With the launch of LockBit 3.0, the ransomware group introduced new extortion tactics and accepts Zcash as payment.
• LockBit 3.0 attempted to tempt researchers to share bug bounty reports and, in turn, promised rewards ranging between $1,000 and $1 million.
• LockBit ransomware reportedly pays hefty bounties for brilliant ideas on improving the ransomware operation and for doxxing the affiliate program manager.

LockBit’s, a much more aggressive ransomware

• Researchers at DarkFeed found that LockBit affiliates claimed 103 victims in September alone.
• In Q2 2022, LockBit held the record for the most victims (231) among cybercrime groups, according to a report by Digital Shadows.
• Throughout its history, LockBit has affected 1,157 victims, far more than Conti (900), Hive (192), and BlackCat (177).

Closing thoughts