The LockBit ransomware group, infamous for its disruptive cyberattacks, is once again in the spotlight for allegedly carrying out a ransomware attack on Homeland Vinyl. The US-based Homeland Vinyl manufactures a diverse portfolio of vinyl profiles, including its proprietary decking and railing systems. The LockBit group alleges that they have exfiltrated sales, inventory financial transactions data and other company records, setting a deadline of July 19, 2024 to publish the compromised information.

Unverified Homeland Vinyl Cyberattack Claims

According to its website, “Homeland Vinyl Products, Inc. creates a wide range of high quality residential and commercial vinyl products including vinyl fence, vinyl deck, vinyl railing, and specialty products.” The company has six plants across the US in Birmingham, AL; Millville, NJ; Surgoinsville, TN; Ogden, UT; Winter Park, FL and Corsicana, TX. In its LinkedIn profile, the company says it has 501-1,000 employees and 120 associated members. In its post on July 4, LockBit claims to have breached a host of sensitive company information. To authenticate its claims, the ransomware group has provided sample screenshots of the data breach on the dark web portal. This includes sales records from March 1, 2023 to February 29, 2024, Homeland Vinyl’s federal tax returns, inventory records as on May 31, 2024 and sample of the firm’s bank account transactions for the entire month of February 2024. [caption id="attachment_80475" align="alignnone" width="1234"] Source: Lockbit's Dark Web[/caption] [caption id="attachment_80477" align="alignnone" width="814"] Source: Lockbit's Dark Web[/caption] [caption id="attachment_80478" align="alignnone" width="817"] Source: Lockbit's Dark Web[/caption] The group claims they will publish the organization's data on July 19, 2024. The Cyber Express team attempted to reach Homeland Vinyl officials for comment, but as of now, there has been no response. The company’s website also appears to be functioning normally, casting doubts over the legitimacy of the Homeland Vinyl cyberattack claim. However, considering LockBit’s past activities, complete dismissal would be premature.

History of LockBit’s Ransomware Attacks 

LockBit Ransomware Group emerged as a significant cyber threat in September 2019. This group operates a ransomware-as-a-service (RaaS) model, attracting affiliates who launch attacks under their banner. LockBit automates the targeting and encryption processes, spreading within organizations without manual oversight, using common system tools to remain undetected. Their significant attacks have targeted a range of sectors from healthcare to financial institutions, primarily in the United States, China, India, and across Europe, exploiting organizations’ vulnerabilities to extort hefty ransoms. LockBit’s notoriety skyrocketed in 2022, earning them the title of the world’s most prolific ransomware by various government agencies. In May 2024, the NCA, FBI, and other global partners collaborated in an international operation to arrest Dmitry Khoroshev, an anonymous leader behind the notorious LockBit Ransomware gang. A month later, the FBI retrieved almost 7,000 decryption keys related to the LockBit operation, which affected thousands of businesses. The agency underlined the significance of thorough cybersecurity procedures and cooperative partnerships in protecting against malevolent activities given the ongoing evolution of cyber threats. Despite the arrest, LockBit has shown an ability to continually regroup and reestablish threat activities, recently launching high-profile ransomware attacks such as one that the one on Monday. In the beginning of July, LockBit targeted KBC Zagreb which is the largest and most advanced Croatian hospital. The cyber attacker claimed to have accessed sensitive data of the hospital which includes medical records, patient exams and studies, research papers of doctors, surgery, organ and donor data. The group also allegedly exfiltrated internal and external audit documents of Indonesian tin manufacturer PT. Pelat Timah Nusantara (Latinusa), Tbk. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.