On Saturday morning hackers at an organisation known as Lockbit launched an attack on the computer software network at the Calvia council. They were successful and have effectively hijacked the computer network and are demanding a ransom of 10 million euros. The Calvia council have said that there will not be paying and have recruited computer specialists to fight back.
In the United States between January 2020 and May 2023, Lockbit was used in approximately 1,700 ransomware attacks, totaling $91 million in paid ransom to hackers. Government agencies did not formally attribute the group to any nation-state. Software with the name "LockBit" appeared on a Russian-language based cybercrime forum in January 2020. The group is financially-motivated.
In October 2023, Lockbit claimed to have stolen sensitive data from Boeing. Boeing acknowledged they were aware of a cyber incident affecting some of their parts and distribution business a few days later, though it did not affect flight safety and they did not name the suspected attackers. Other victims have included the Royal Mail.
LockBit operators frequently gain initial access by exploiting vulnerable Remote Desktop Protocol (RDP) servers or compromised credentials purchased from affiliates. Initial access vectors also include phishing emails with malicious attachments or links, brute forcing weak RDP or VPN passwords, and exploiting vulnerabilities like CVE-2018-13379 in Fortinet VPNs.