Cyber Incident Victim: Studio Barba

On or around August 24, 2022, the Italian professional services firm Studio Barba suffered a ransomware attack attributed to the LockBit 3.0 group. The attackers infiltrated Studio Barba’s IT infrastructure and initiated a seven-day countdown timer set to expire on September 1 at 14:51 UTC, threatening to publish stolen data unless payment was received. LockBit demanded $100,000 for the deletion of the exfiltrated data and offered an additional option to extend the deadline by 24 hours for $2,000 per day. The group published samples of the stolen data as proof of compromise, intensifying pressure on the organization to comply with their demands. These samples reportedly included 3.56GB of data extracted from Studio Barba’s systems. The attack targeted an entity that emphasizes confidentiality and adherence to professional ethical standards, as reflected in its public-facing website’s alignment with Italy’s Code of Conduct for Labor Consultants.

LockBit’s publication of data samples demonstrated their unauthorized access to Studio Barba’s sensitive information, though the specific content or file types were not detailed in available reports. The incident highlighted the operational disruption faced by the firm, which specializes in professional services requiring strict client confidentiality. No explicit details regarding Studio Barba’s technical response, containment measures, or payment decisions were disclosed in the analyzed source material. The attackers leveraged their typical extortion model, combining data theft with deadlines to incentivize rapid payment. The 3.56GB data volume cited by LockBit suggested a significant breach of Studio Barba’s digital assets, though the full scope of impacted systems or data categories remained unspecified. The countdown mechanism and public data samples exemplified LockBit 3.0’s tactics to escalate psychological and operational pressure on victims during ransomware negotiations.