British mesh fencing systems maker Zaun has disclosed a LockBit ransomware attack that potentially led to the compromise of data related to UK military and intelligence sites.
Headquartered in Wolverhampton, Zaun specializes in high-security perimeter fencing products used by prisons, military bases, and utilities.
In a data breach notice posted on September 1, Zaun announced that the cyberattack occurred in early August, that it was able to thwart it before data was encrypted, and that its services were not interrupted by the incident.
According to the company, although file-encrypting ransomware was not executed on its systems, the LockBit ransomware group did manage to exfiltrate data from the network.
“At the time of the attack, we believed that our cyber-security software had thwarted any transfer of data. However, we can now confirm that during the attack LockBit managed to download some data,” the company says.
Zaun notes that all its fencing products are typically used to “separate the public from the secure asset”, meaning that they are on public display and that the attackers would gain no advantage from the compromised data.
“LockBit will have potentially gained access to some historic emails, orders, drawings and project files, we do not believe that any classified documents were stored on the system or have been compromised. We are in contact with relevant agencies and will keep these updated as more information becomes available,” the company says.
However, Zaun also acknowledges that the ransomware group has since made the stolen data public on the internet. Some of the information appears related to UK military, intelligence, and research bases.
As part of the cyberattack, the LockBit gang first compromised a Windows 7 computer running software for a manufacturing machine, and likely only exfiltrated data from that system, Zaun says.
Active since at least 2020 and operating under the Ransomware-as-a-Service (RaaS) model, LockBit was responsible for roughly one-fifth of the ransomware attacks observed in Australia, Canada, New Zealand, and the US last year, and is believed to have received more than $91 million in ransom payments.
“LockBit has already been responsible for some of this year’s biggest cyberattacks as well as the exploitation of the MOVEit vulnerability. The significance of this attack is that by undermining IT security, it is also possible to undermine the physical security of its customers,” WithSecure cybersecurity advisory Paul Brucciani said in an emailed comment.
Related: Russian National Arrested, Charged in US Over Role in LockBit Ransomware Attacks
Related: US Government Warns Organizations of LockBit 3.0 Ransomware Attacks
Related: LockBit Ransomware Group Developing Malware to Encrypt Files on macOS