State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

Ransomware Group LockBit Remains Prominent Threat as Wabtec and Other Organizations Are Compromised

NJCCIC Alert

Original Release Date: 1/5/2023

Summary

On January 3, transportation solutions company Wabtec Corporation released a notification regarding a cyberattack and subsequent data breach that affected specific systems as early as March. In August, ransomware group LockBit leaked all exfiltrated data from the company, presumably due to Wabtec not paying the ransom. A portion of the exfiltrated data was personally identifiable information (PII) of an unknown number of individuals associated with Wabtec and included first and last names, dates of birth, Social Security numbers, passport numbers, employer identification numbers, health insurance information, sexual orientation, payment card information, account usernames and passwords, biometric information, race and ethnicity, criminal offenses, religious beliefs, and union affiliations. Wabtec alerted affected users that their data was compromised on December 30. Wabtec warned that users should monitor their accounts for fraudulent activity and maintain awareness of identity theft attempts.

The LockBit ransomware-as-a-service (RaaS) group remains a prevalent ransomware threat. On January 3, the Housing Authority of the City of Los Angeles (HACLA) also reported a cyberattack originating from LockBit, which threatened to release 15 terabytes of exfiltrated data from HACLA on January 12 unless an undisclosed ransom was paid. Outside of the United States, Portugal’s Port of Lisbon, one of the most widely used ports in Europe, announced on December 25 that the ransomware group targeted its website. The exfiltrated data included financial reports, audits, budgets, contracts, shop logs, and crew information. In response to the attack, the port’s website was taken offline for several days. Cybersecurity researchers have attributed over 1,020 attacks to LockBit since its inception, with the group’s targets including government agencies, hospitals, and businesses worldwide.

Recommendations

The NJCCIC recommends that individuals whose PII was compromised change account credentials, implement multi-factor authentication (MFA) where applicable, and monitor their financial, work, and personal accounts for identity theft.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.