LockBit ransomware group claimed the alleged cyberattack on the Romanian Association for International Road Transport (ARTRI). The group added ransom details on its leak site, including the amount demanded over the Romanian Transport cyber attack, the deadline to pay the ransom, and the amount to delete the information.
Romanian transport cyberattack: Association vs. LockBit
According to the leak site post published on April 10, the LockBit ransomware group threatened to publish all the available data if the Romanian transport cyber attack ransom was not paid. The LockBit ransomware group gave a deadline of April 18 to the Romanian non-profit transport organization to pay the ransom.
The amount to be paid by the targeted organization if it wanted to extend the deadline for ransom payment by a day was, surprisingly, $1.
LockBit ransomware group demanded $30,000 to destroy all the data from the alleged cyberattack on the Romanian Association for International Road Transport.
The same amount of $30,000 was to be paid by the target if they wanted to download the stolen data at any time.
The Cyber Express reached out to ARTRI for comment, and we are yet to receive a reply from them. Meanwhile, the Romanian Association for International Road Transport website remained accessible at the time of publishing this report.
LockBit ransomware group
One of the most active cybercriminals, the LockBit ransomware group has been targeting global organizations since September 2019. The group has targeted organizations from India, China, Ukraine, the United States of America, etc.
Their ransomware strain used by the LockBit ransomware group adds the .abcd extension to files before leaving a ransom note. In another variant, the group adds a .LockBit extension to encrypted files. Similarly, they have been found to add the .LockBit version 2 as the extension is a few of their cyberattacks.
The LockBit ransomware group uses a self-spreading technique across networks instead of the method requiring manual direction or commands.
To defend against LockBit ransomware group’s attacks, it is strongly urged to have the best authentication measures adopted. Regularly changing passwords and maintaining a strong password along with opting for multi-factor authentication can prevent LockBit cyberattacks to a large extent.
Enterprise cybersecurity solutions are a must for the prompt detection of incoming attacks.
Romanian transport cyberattack: Other victims on the sector
The Romanian Association for International Road Transport was established in January 1959. It is a non-governmental organization that is also a part of the United Nations Global Compact and the Global Compact Romania network.
It offers various services related to road transport, administrative support, and logistic facilities among others. The European transportation sector has been in the cybersecurity news for continuous ransomware attacks.
According to a new report from ENISA, the European Union Agency for Cybersecurity, the number of ransomware incidents in the European transportation sector went up from 13% in 2021 to 25% in 2022, with the most targeted countries being the UK, Germany, and France.
Lithanian transportation and warehousing logistics services Vlantana and UAB RUSKO faced a ransomware attack in March victims, The Cyber Express reported in March.
The ongoing pattern of attacks indicate that the hit on on Vlantana and RUSKO’s websites is part of a larger campaign aimed at disrupting the operations of European logistics and transportation companies, the report found.
Data-related threats, such as breaches and leaks, are also a significant concern for the transport sector. Cybercriminals are increasingly targeting sensitive information like credentials, employee and customer data, and intellectual property for financial gain.
While there is no indication that specific threat groups are exclusively targeting the transport sector, attacks appear to be opportunistic in nature.
Ransomware attacks and improper disclosure
The ENISA report said it conducted an analysis of cyber incidents in the EU, drawing on data from multiple sources.
However, the organization acknowledges that its findings are limited to incidents that were officially reported and publicly disclosed. It is likely that there are many unreported incidents that are not reflected in the data.
Despite legal requirements for mandatory incident reporting, cyberattacks are often disclosed by the attackers themselves, which can make it difficult for organizations to assess the full extent of the threat landscape.
To address this issue, the EU has implemented the revised Directive on measures for a high common level of cybersecurity across the Union (NIS2), which includes additional notification provisions for security incidents.
These measures aim to improve incident reporting and provide a more comprehensive understanding of the threat landscape.