Pierluigi Paganini November 06, 2022

The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company.

Kearney is the premier CPA firm that services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve its financial operations’ overall effectiveness and efficiency.

Kearney & Company was added to the list of victims of the Lockbit 3.0 group on November 05, the gang is threatening to publish stolen data by November 26, 2022, if the company will not pay the ransom. At this time, the ransomware gang has published a sample of the stolen data that includes financial documents, contracts, audit reports, billing documents and more.

The ransomware gang is demanding the payment of $2M to destroy the stolen data and $10K to extend the timer for 24H.

This week LockBit ransomware group claimed to have hacked other major organizations, the multinational automotive group Continental and the defense giant Thales.

In June, the LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments.

The gang has been active since at least 2019 and today it is one of the most active ransomware gangs.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Kearney & Company)

[adrotate banner=”5″]

[adrotate banner=”13″]