Threat Watch

Southampton County Confirms Lockbit 3.0 Ransomware Attack

A ransomware attack has affected Southampton County in Virginia, according to reports. A server at the county office was compromised in September which led to the data stored on it being encrypted. Following a thorough investigation, it was revealed that names, addresses, driver’s license numbers, and Social Security numbers were potentially accessed. Southampton County did not believe that any information was removed from the server due to the quick action that was taken; however, a W-2 form appeared on a criminal marketplace and the owner took claim of the attack and stated they removed data. Southampton then acknowledged that some of the accessed data had been posted online. Later in the month of September, Lockbit 3.0 took credit for the attack after multiple posts on their leak sites. The posts on those leak sites are small previews in order to publicly establish that they have access to the data. LockBit stated that they are willing delete all data, or give access to it: both of these extortive options cost $90,000.

ANALYST NOTES

Free credit and identity monitoring has been offered to those impacted by the event; it is highly recommended that affected users should take advantage of these services. Throughout the investigation process, no evidence of misuse or redistribution of the information was found by Southampton County. However, this assertion of low impact was proven to be false after snippets of data were posted, demonstrating the uncertainty and risks that emerge in the aftermath of ransomware attacks. If any suspicious activity is noticed by affected parties, they should contact the county and report it.

https://www.securityweek.com/virginia-county-confirms-personal-information-stolen-ransomware-attack?&web_view=true