LockBit 3.0 Unverified Attacks On KBC Zagreb, PT Latinusa Tbk

The nefarious LockBit 3.0 ransomware group has struck once again, targeting unsuspecting victims in their latest wave of attacks. The recent victims to fall prey to the LockBit 3.0 ransomware attack are KBC Zagreb in Croatia and PT Latinusa Tbk in Indonesia.

The authenticity of the LockBit group’s claims regarding the cyberattack on KBC Zagreb and PT Latinusa Tbk remain shrouded in uncertainty.

On July 1, 2024, LockBit claimed to have targeted KBC Zagreb which is the largest and most advanced Croatian hospital. According to its website, the medical facility was established in 1942 in the capital city of Zagreb and serves around 10,000 citizens every day across two main campuses and three other locations in the city.

On Monday, LockBit ransomware named KBC Zagreb as its latest victim on its dark leak site. In its post, LockBit said, “KBC Zagreb is a company that operates in the hospital and healthcare industry. It employs 2,001-5,000 people and has $500M- $1B of revenue.”

The cyber attacker claimed to have accessed sensitive data of the hospital which includes “medical records, patient exams and studies, research papers of doctors, surgery, organ and donor data, organ and tissue banks, employee data, addresses, phone numbers, employee legal documents, data on donations and relationships with private companies, donation book; medication reserve data; personal data breach reports and much more.”

To substantiate its claims, the group uploaded 12 documents as proof which allegedly contained sensitive information of the data breach from the hospital. Lockbit has mentioned that deadline for ransom as July 18.

The ransomware attack on KBC Zagreb comes barely a week after the hospital faced a cyberattack by infamous Russian actor “NoName057 (16).” The attack on the intervening night of June 24 and 25, forced the hospital to shut down its entire IT infrastructure.   The attack significantly damaged the hospital’s digital systems, causing a temporary rollback to manual processes.

According to news reports, during that attack, Milivoj Novak, assistant director of health care, quality and supervision of KBC Zagreb, said that the shutdown took the hospital back 50 years – to paper and pencil. The hospital also confirmed significant delays due to the cyberattack and that some patients were redirected to other hospitals.

The other ransomware victim claimed by the LockBit 3.0 ransomware group is PT. Pelat Timah Nusantara (Latinusa), Tbk.  PT Latinusa Tbk is the first and the only tinplate producer in Indonesia and founded in 1982.

The hackers allegedly exfiltrated internal and external audit documents of the company apart from claims, budgets, analysis, and finance private information. LockBit’s deadline for the ransom is July 3.

Despite assertions of successful infiltration and data compromise, the official websites of the targeted companies appear to be fully operational, raising doubts on the veracity of the LockBit’s claims.

The Cyber Express Team tried to substantiate LockBit 3.0 ransomware attack claims by reaching out to KBC Zagreb and PT. Pelat Timah Nusantara officials for clarification. However, at of the time of this report, there has been no official response or public statement from the victims, leaving the LockBit 3.0 ransomware attack claim unverified.

LockBit 3.0 Continues Cyberattacks Despite Developer’s Arrest

Recently, the Ukraine National Police arrested a  28-year-old cryptor developer whom they claimed was involved in the LockBit and Conti ransomware groups. Despite the arrest, LockBit has shown an ability to continually regroup and reestablish threat activities, recently launching high-profile ransomware attacks such as one that the one on Monday.