LockBit Behind Attack on Washington County Sheriff Office


The LockBit 3.0 ransomware group has claimed responsibility for an attack on the Washington County Sheriff’s Office in Florida, USA. The Sheriff’s office later disclosed that its operational services were down.

Early on February 21, the Washington County Sheriff’s Office was targeted by a ransomware cyber attack, which went on for a couple of days.

The ransom note says that the data was uploaded on 27 February. The deadline for ransom payment is 20 March.

The ransomware attack locked the finance and jail computer systems, putting the WCSO IT staff and a private IT company on overdrive to resolve the issue, reported the Washington County News.

Sheriff Kevin Crews told the news service that the attack might have originated from Russia. Despite the attack, the calls for service and communication with officers are still functioning as usual.

According to the news report, Crews refused to confirm whether it was a ransomware attack, but he stated that the government will not comply with the demands of any cybercriminal groups.

Along with naming the Washington County Sheriff’s Office in its victim list, LockBit also named the White Settlement Independent School District on its leak site.

LockBit 3.0, ransomware attack, and US government 

Local government bodies in the US have been the preferred targets of the LockBit 3.0 ransomware gang.

The group on February 14 claimed responsibility for the attack on the Hidalgo County Adult Probation Center, a week after reports came out that the county systems were infected with ransomware.

Hidalgo County is in the US state of Texas. Republicans John Cornyn and Ted Cruz are the current Senators from Texas.

The attack was noticed over the February 3-5 weekend. The ransom note indicates that a payment was not made. In a ransom note posted on 14 February, the ransomware gang has listed 6 March as the deadline for payment.

Early in January, the LockBit ransomware gang attacked the Circleville Municipal Court, USA, and later posted the details on its leak site.

The ransomware group then claimed to have stolen over 500 GB of data from the systems. The post on the leak site mentioned 21 January as the deadline to pay the ransom.

The Department of Finance in California became a LockBit 3.0 victim in December 2022. In a post on dark web forums, the group claimed that it had stolen 76 GB of data from the department. The threat actor reportedly demanded an undisclosed ransom and gave the agency a deadline of December 24, 2022.

LockBit 3.0 ransomware: More potent, wider attack

The LockBit ransomware family has recently unveiled its latest malware strain, LockBit 3.0. The ransomware was first identified in September 2019, but it was LockBit 2.0, which emerged in 2021, that propelled the gang to notoriety.

The latest strain, LockBit 3.0, is even more potent than LockBit 2.0 and includes a double extortion model, researchers note.

“Portions of LockBit 3.0’s code seem to be borrowed from the BlackMatter ransomware, hence the nickname LockBit Black. Likewise, we found similarities between BlackMatter and the new LockBit variant during our debugging of the LockBit 3.0 sample,” said a Trend Micro analysis of LockBit 3.0.

“From our examination of the unpacked sample and an analysis provided by the researcher Chuong Dong, we discovered that LockBit 3.0 requires a pass parameter to decrypt its main routine.”




