This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

GaP Solutions

Summary

GaP Solutions, an Australian retail software vendor and hardware provider, fell victim to the LockBit ransomware gang in late February/early March 2024. LockBit posted details on its darknet leak site on 29 February, threatening to publish exfiltrated data within 20 days. The attack occurred shortly after an international law enforcement disruption of LockBit's operations, demonstrating the gang's quick recovery and continued activity.

What Happened

The LockBit ransomware gang breached GaP Solutions' systems and exfiltrated data before posting details on its darknet leak site on 29 February 2024. The gang set a deadline of 20 March to publish the stolen data if ransom demands were not met. This attack was notable for occurring just days after international law enforcement authorities executed a major takedown of LockBit's infrastructure in February 2024, showing that the gang rapidly resumed operations despite the disruption.

Impact on Individuals

GaP Solutions emphasized that "this incident relates to our internal systems and has not affected our customer cloud services in any way," indicating customer data hosted on their cloud platform remained secure. However, internal corporate data and employee information may have been compromised. Affected individuals should:

  • Monitor for phishing attempts targeting retail software users
  • Be alert for business email compromise attempts
  • Watch for scams exploiting knowledge of relationships with GaP Solutions customers

The gang declined to share specific evidence of the hack or reveal the ransom amount demanded.

Organisational Response

GaP Solutions quickly reassured clients that customer cloud services were not affected by the breach, with the incident confined to internal systems. The company is a turnkey software developer and hardware provider serving the Australian retail market. The attack highlighted the resilience of ransomware operations, with LockBit resuming activity within days of a major international law enforcement operation that had taken down their infrastructure and resulted in several arrests in February 2024.
