Latest Ransomware Attack Targets Sabre UK, Restar, and Citizens Bank of West Virginia

Latest Ransomware Attack Targets Sabre UK, Restar, and Citizens Bank of West Virginia
We may receive commissions for purchases made through links on our website. We appreciate your support.

As is apparent from recent events, no company is safe from being targeted by ransomware groups which aim to access personal data and extort the company for money in exchange for deletion.

The most recent of these attacks were carried out by a ransomware group by the name of Lockbit 3.0, and the most notable victims of these attacks include Sabre Insurance UK, Restar Holdings (Japan), and the Citizens Bank of West Virginia.

Let’s look further into what these attacks mean for the affected companies, their stakeholders, and how you can keep your personal data safe from ransomware.

The Data Breaches - Publish Date, Effects, Who’s at Risk

The announcement of the leak was published by Lockbit on the 20th of November for Sabre Insurance UK, and 7th December for the Citizens Bank of West Virginia andRestar Holdings Corporation. A large part of Restar Holding’s private information was published in the form of three Mega (dot NZ) uploads. This serves as an example for all companies that fall victim to the ransomware group - they do not shy away from publishing the leaked information.

Lockbit 3.0 is currently demanding $50,000 from Restar Holdings to destroy all the published information, which is down from the egregious $2,500,000 they originally demanded (but were not paid).

For Sabre, the ransom has been put at $900,000 to destroy all information, with the timer being set at 2 days until publication (if they do not receive payment). As for the Citizens Bank of West Virginia, the situation is in a dire state as they have less than 10 hours to pay the $799,000 ransom, else their confidential information is likely to be leaked the same as it has for Restar Holdings.

ransom amount listed on lockbit's site


ransom amount listed on lockbit's site

Ransom amount as listed on LockBit’s site.

As for what the data breaches actually contain, Lockbit has published a number of images for each of these companies as proof. On reviewing these images, it’s apparent that they have access to numerous confidential files and a lot of data that compromises the identities of multiple stakeholders.

For each of these companies, this includes the personally identifying information of customers, employees, investors, and the company’s sensitive financial data. For Restar, the recently published information also contains usernames and passwords of various users within the company. The following image shows an example of the proof published by Lockbit against Sabre Insurance UK.

Personally identifiable information blurred to protect the identity of the victim; the original image shows all details uncensored.

*Personally identifiable information blurred to protect the identity of the victim; the original image shows all details uncensored.

Although we don’t exactly know how much data has been stolen by the ransomware group, considering the published information about Restar Holdings and the group’s past attacks, it’s safe to assume that all of their stakeholders are at risk. The total number of people affected is likely well above a hundred thousand at this point.

Affected Companies’ Statements

As of the time of writing, there have been no public statements from any of the three companies about the ransomware attack. Considering the fact that Lockbit has published proof of the breaches, not responding to their threats could put thousands of people at risk of having their private information published.

This is particularly critical for the Citizens Bank of West Virginia, whose data (as well as chat history with Lockbit 3.0) is to be published in less than a day.

Information about Citizens Bank of West Virginia on LockBit’s site.

Information about Citizens Bank of West Virginia on LockBit’s site.

About Lockbit 3.0 and Their Past Attacks

Lockbit 3.0 is the latest version of the ransomware group that goes by the name of “Lockbit.” The group has been notorious in targeting a huge volume of attacks on several different kinds of business across the globe. A quick look at their past attacks on the UK’s Royal Mail postal service shows that no one is safe from their point-and-click malware.

The group has notoriety from the fact that they target a lot of businesses - and they succeed in hacking them. While other ransomware groups have had their fare share of success in this form of crime, Lockbit is more often in the frontlines owing to its notoriety in terms of attack volume and frequency.

Their most recent attacks on Sabre, Restar, and Citizens WV are only the tip of the iceberg when we look at the list of their victims, with a large number of smaller businesses also being extorted in the same way.

How You Can Prevent Your Data From Being Stolen

Protecting yourself and your business from ransomware attacks requires a combination of robust cybersecurity practices, employee training, and proactive measures. For comprehensive protection, it’s best to consult a cybersecurity expert about how you can prevent your data from being stolen. Here are some things you should keep in mind:

  • Train your employees so they always stay updated with latest cybersecurity trends
  • Make sure all applications and systems are up to date with the latest security patches.
  • Use an antivirus such as TotalAV.
  • Regularly create backups of your data.
  • Enable multi-factor authentication (MFA).
  • Constantly monitor and audit network activity.

Strengthen Your Cybersecurity With Proactive Measures

Ransomware groups have been present for a very long time, with LockBit 3.0 being a prime example of this. As three large companies (among many others) have been infected and successfully hacked by LockBit’s ransomware, hundreds of thousands of stakeholders are put at risk of having their personally identifiable information published.

In light of this, it’s crucial to make sure you’re taking all of the steps necessary to keep your data safe - as an individual and as a business owner. Follow best practices, stay up-to-date, and never click on a link that looks suspicious.