Global Zipper Maker Hit with LockBit Breach

The company says it "contained the threat before significant damage was done."

The ransomware group Lockbit employed their Lockbit 3.0 malware strain to attack a major zipper manufacturer called YKK Group. The cyber gang did not disclose details of the data breach, but a dark web blog post said the Japanese company had 14 days to meet demands.

CyberNews.com reported that the YKK breach was posted on LockBit’s blog on June 2. However, the only information provided by the ransomware group is that it would publish all available data on June 16. 

Industrial Media contacted YKK to request a comment on the LockBit breach, and Jessica Cork, the vice president of community engagement and corporate communications for YKK Corporation of America, responded by saying, “Upon discovering that YKK USA’s network was the target of a cyber attack, our team contained the threat before significant damage was done or sensitive information was exfiltrated.” 

The comment went on to say that the incident did not have a material impact on the company’s operations or its ability to serve customers. Cork also claimed that YKK did not pay a ransom. 

YKK Group, whose fastening business also offers plastic hardware, hook and loop and snaps and buttons products, operates over 100 companies and employs over 44,000 workers globally. The company’s 2022 Integrated Report revealed net sales of nearly $5.7 billion and an operating income of about $429 million.

LockBit is a Russian Ransomware as a Service (RaaS) group that is widely regarded as the most frequent and successful attacker of the industrial sector. Most analysts attribute LockBit to at least twice as many attacks as the next most prominent RaaS group.

Their software, which goes by the same name, has continued to evolve and is currently in its third iteration. It deploys an absolutely brutal approach. Rather than taking a “spray and pray” approach that looks for any possible vulnerability to exploit, LockBit targets the most critical systems. It infiltrates and shuts them down, triggering the ransom portion of the attack. 

LockBit has also become a bit of a pioneer in their professionalism. Their hacks include notes with very concise and, in their own way, comforting direction on how to proceed with payment and the decryption codes needed to resume operations. 

The Cybersecurity & Infrastructure Security Agency described this variant as more modular and evasive than previous versions and said affiliates that deploy LockBit 3.0 could gain initial access to victim networks through multiple methods, including remote desktop protocol exploitation and abuse of valid accounts.

The Department of Justice estimates that Lockbit affiliates have performed over 1,400 attacks globally, issued over $100 million in demands and received over $75 million in payments … that we know about. The vast majority of these attacks, especially in the industrial community, often go unreported.

If you’d like to learn more about ransomware attacks and the groups behind them, take a look at a new report from Industrial Media entitled The Industrial Sector’s New Battlefield by clicking on the link in the text below.

More in News