LockBit Ransomware Attack Paralyzes 350,000 Businesses in Overnight Cyberassault
In December 2023, the notorious ransomware group LockBit executed a devastating cyberattack targeting Coaxis, a French IT firm hosting accounting software for businesses. The assault, launched on December 8 at 4:50 AM, encrypted critical systems within hours, crippling over 1,200 accounting firms, healthcare providers, and 350,000 enterprises across France and beyond.
The attack began when a hacker infiltrated Coaxis’s network using stolen credentials from an agro-industrial client, exploiting a seemingly innocuous link. By 4:32 AM, the ransomware detonated a meticulously timed "digital time bomb" that locked thousands of files and left a $5 million ransom demand. LockBit, known for its ruthless tactics, later threatened to leak sensitive data from Coaxis’s clients, though investigators later confirmed no exfiltration had occurred.
The incident underscored LockBit’s global reach. In a separate attack on December 18, the group targeted a Chicago children’s hospital, demonstrating its disregard for collateral damage. Meanwhile, undercover researchers Jon DiMaggio and Azim Khodjibaev had infiltrated the group, revealing its internal operations including a bizarre "job interview" process for recruits.
The fallout was severe. A Toulon-based temp agency faced physical intimidation after being unable to pay employees, while Coaxis’s clients grappled with lost revenue. Despite pressure, Coaxis’s leadership refused to pay the ransom, opting to rebuild its systems a decision later praised for its resilience.
By February 2024, a multinational law enforcement operation, supported by Orange Cyberdefense, dismantled LockBit’s infrastructure. Key arrests followed, including Rostislav Panev, whose seized devices provided critical evidence. However, the group’s alleged leader, Dmitry Khoroshev, remains at large in Russia, shielded by geopolitical barriers.
The attack’s mechanics and aftermath are chronicled in "Don’t Go to the Police", a documentary by Ludoc (a former Canal+ director) featuring 18 cybersecurity experts, journalists, and victims. The film, screened at Paris’s Grand Rex, highlights the human vulnerabilities exploited in cybercrime and the high-stakes global hunt to dismantle LockBit while leaving its most elusive figure untouched.
COAXIS cybersecurity rating report: https://www.rankiteo.com/company/coaxis-asp
"id": "COA1773304197",
"linkid": "coaxis-asp",
"type": "Ransomware",
"date": "12/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '350,000 enterprises',
'industry': 'Technology/Accounting Software',
'location': 'France',
'name': 'Coaxis',
'type': 'IT Firm'},
{'industry': 'Accounting',
'location': 'France and beyond',
'name': '1,200 accounting firms',
'type': 'Businesses'},
{'industry': 'Healthcare',
'location': 'France and beyond',
'name': 'Healthcare providers',
'type': 'Organizations'},
{'industry': 'Healthcare',
'location': 'Chicago, USA',
'name': 'Chicago children’s hospital',
'type': 'Hospital'},
{'industry': 'Staffing',
'location': 'Toulon, France',
'name': 'Toulon-based temp agency',
'type': 'Business'}],
'attack_vector': 'Stolen credentials',
'data_breach': {'data_encryption': True,
'sensitivity_of_data': 'High (accounting and healthcare data)',
'type_of_data_compromised': 'Files and systems'},
'date_detected': '2023-12-08T04:50:00',
'description': 'In December 2023, the notorious ransomware group LockBit '
'executed a devastating cyberattack targeting Coaxis, a French '
'IT firm hosting accounting software for businesses. The '
'assault encrypted critical systems within hours, crippling '
'over 1,200 accounting firms, healthcare providers, and '
'350,000 enterprises across France and beyond. The attack '
'began with stolen credentials from an agro-industrial client, '
'leading to a $5 million ransom demand. LockBit later '
'threatened to leak sensitive data, though no exfiltration was '
'confirmed.',
'impact': {'brand_reputation_impact': 'Severe reputational damage to Coaxis '
'and clients',
'data_compromised': 'Critical systems and files encrypted',
'operational_impact': 'Crippled operations for 350,000 businesses',
'revenue_loss': 'Lost revenue for Coaxis and clients',
'systems_affected': 'Accounting software, healthcare systems, '
'enterprise networks'},
'initial_access_broker': {'entry_point': 'Stolen credentials from an '
'agro-industrial client'},
'investigation_status': 'Ongoing (infrastructure dismantled, key arrests '
'made)',
'lessons_learned': 'Human vulnerabilities exploited in cybercrime; importance '
'of resilience and law enforcement collaboration.',
'motivation': 'Financial gain',
'post_incident_analysis': {'corrective_actions': 'Rebuilt systems, law '
'enforcement collaboration, '
'enhanced security measures',
'root_causes': 'Stolen credentials, lack of '
'multi-factor authentication, human '
'error'},
'ransomware': {'data_encryption': True,
'ransom_demanded': '$5 million',
'ransomware_strain': 'LockBit'},
'references': [{'source': 'Documentary: Don’t Go to the Police'}],
'response': {'law_enforcement_notified': True,
'remediation_measures': 'Rebuilt systems without paying ransom',
'third_party_assistance': 'Orange Cyberdefense'},
'threat_actor': 'LockBit',
'title': 'LockBit Ransomware Attack Paralyzes 350,000 Businesses in Overnight '
'Cyberassault',
'type': 'Ransomware'}