LockBit had already attacked the medium-sized medical technology company Richard Wolf at the beginning of November, partially encrypting the systems and looting data. Since the company refused to pay, the stolen data is now on the dark web.
The globally active, medium-sized medical technology company Richard Wolf fell victim to a successful LockBit 3 attack on November 3.0rd. This was followed in a classic process by encrypting some systems and extracting some data.
No ransom paid to LockBit
However, the company did not agree to the blackmail and did not pay any ransom. In the meantime, LockBit has published the data on the dark web. Only the company can judge whether the data is real and important. But the medical technology company Richard Wolf certainly did not help finance any further attacks on its and other systems. Because that is the case as soon as blackmailed companies pay.
The company dealt with the attack very transparently from the start and not only informed the authorities, but also all customers and the media. The company states on its website that it is slowly returning to normal operations. Regarding the attack, the following was said: “Following the cyber attack at the beginning of November, the work on forensic analysis, cleanup and recommissioning of the IT systems is still in full swing.
The company's telephony and the majority of all personal e-mail accounts for the workforce have returned to normal operation. The previous restrictions in the IT of the company's logistics are expected to be removed by the end of the week. When restarting the IT services, Richard Wolf GmbH relies on a multi-stage security process accompanied by external IT forensic experts in order to prevent the systems from being infested again and possible backdoors being opened by cybercriminals.”….
State Criminal Police Office was turned on
“…..A complete cleanup and restoration of all systems has already started again with the support of external cyber security consultants and in coordination with the investigators of the State Criminal Police Office. However, it must be prevented that the new systems and their new protective measures can be infiltrated and attacked again through back doors or unnoticed infected files. Therefore, extreme care and caution must be exercised here and only step-by-step commissioning is possible. Further short-term restrictions in digital communication and accessibility cannot therefore be ruled out.
2022: A year with many attacks
This attack adds another entry to the list of attacked companies. Before that, it already had companies of a similar size as Knauf building materials, Hygiene article manufacturer CWS and Medicare and Electronics manufacturer Semikron met. Also the IHK once had to report the loss of their website. Even at Metro had to be cashed in by hand. All companies have had problems with their systems for a long time. But everyone communicated the attack openly and informed their customers.
More at Richard-Wolf.com