Cyber Incident Victim: Tekinox Srl
Date:
Aug 2022
Location:
Italy
Summary
The Italian manufacturing firm Tekinox Srl suffered a ransomware attack by the LockBit 3.0 group, which exfiltrated company data and initiated a countdown for its public release unless a ransom was paid. LockBit published samples of stolen information on their leak site, confirming the breach and threatening full disclosure. The attackers employed double extortion tactics, combining data encryption with threats to leak sensitive materials. LockBit operates under a ransomware-as-a-service model, sharing profits between developers and affiliates while offering victims options to extend deadlines, destroy data, or download exfiltrated information for additional payments. The incident highlights LockBit's evolving capabilities, including self-propagation within networks and monetization strategies through cryptocurrency payments.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around August 2, 2022, the LockBit 3.0 ransomware group publicly claimed responsibility for a cyberattack targeting Tekinox Srl, an Italian manufacturing company specializing in precision-turned stainless steel components. The attackers announced a six-day countdown on their data leak site, threatening to publish all exfiltrated company data by August 9, 2022, at 12:21 UTC unless an unspecified ransom was paid. LockBit provided samples of stolen data to substantiate their claim, explicitly naming Tekinox and describing its business operations in their post. The group stated, "All available data will be published!" and did not offer extensions to the deadline or disclose ransom payment terms at the time of reporting. Tekinox, an ISO 9001:2015 certified manufacturer with computer numerical control (CNC) machinery and integrated management systems, faced potential exposure of sensitive operational data, including proprietary client designs and specifications for custom parts production.
The incident followed LockBit’s established ransomware-as-a-service (RaaS) operational model, where affiliates conduct attacks in exchange for a share of ransom profits. LockBit 3.0 introduced features allowing victims to pay additional fees to extend countdown timers, destroy stolen data, or download their exfiltrated information exclusively. The attackers did not specify whether Tekinox engaged in negotiations or whether production systems were encrypted. Potential impacts included disruption to the company’s traceability systems, client project confidentiality, and reputational damage from data exposure. Red Hot Cyber, the reporting outlet, confirmed monitoring the situation for updates but noted no official statement from Tekinox regarding incident response or containment measures as of their publication date. LockBit’s history of targeting organizations globally and its affiliation with ransomware families like LockerGoga and MegaCortex underscored the severity of the threat to Tekinox’s data integrity.