California architecture firm DES on April 16, 2024 notified 1,144 victims that their personal data was stolen in a ransomware attack. The compromised data included financial account numbers, credit card numbers, Social Security numbers, names, passport numbers, medical information, health insurance information, and dates of birth.
The attack took place between September and October 2023, and DES discovered it on October 19, 2023. Ransomware gang Lockbit claimed the attack on its leak site in November. It demanded $380,000 in exchange for not selling or publicly releasing the data.
Lockbit posted chat logs on Darkfeed.io of a conversation it says took place between itself and someone negotiating on behalf of DES. In that chat, Lockbit demands $700,000, and DES requests assurances that the decryptor will work as promised. However, negotiations seem to break down after DES requests more time.
DES has not confirmed whether the chat logs are genuine. Comparitech contacted DES for comment and will update this article if it responds.
DES hasn’t stated whether it paid the ransom or how Lockbit managed to infiltrate its systems. It also hasn’t stated who the victims are, such as clients or employees.
We recommend victims take advantage of the free credit monitoring offered by DES via Experian. Keep an eye on your account statements, credit report, and tax returns for signs of suspicious activity. Be wary of phishing scams from attackers posing as DES or a related organization.
Who is Lockbit?
Lockbit is one of the most prolific ransomware gangs of the past few years, first appearing in 2019. The group is believed to be based out of Russia. Lockbit often extorts victims twice: once for a decryption key to restore systems, and again in exchange for not selling or publicly releasing data.
Lockbit’s attack vectors include remote desktop programs (RDP), credential theft, phishing, vulnerability exploitation, and brute-forcing weak passwords. Its past victims include Boeing, Fulton County, TSMC, the Royal Mail, and Accenture.
In February 2024, a joint US-UK law enforcement operation seized several of LockBit’s public-facing websites and two servers used to transfer stolen victim data. Officials say they obtained some of the encryption keys used by Lockbit, which could help victims regain access to their data.
According to our data, Lockbit was responsible for 189 attacks in 2023, and 16 confirmed attacks so far in 2024.
About DES Architects + Engineers
California-based DES is an architecture and engineering firm that designs and consults on large buildings. Its services include architecture, civil engineering, and interior design. Its past projects include many buildings around the San Francisco Bay.