{ "id": "826943a4-7581-4004-b2d4-d554339ace17", "created_at": "2026-04-06T00:17:15.432211Z", "updated_at": "2026-04-10T03:26:47.139414Z", "deleted_at": null, "sha1_hash": "f97bf0570677ba9806636142d8a8256a864d129c", "title": "LockBit gang claims to have stolen data from Kearney \u0026 Company", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 217070, "plain_text": "LockBit gang claims to have stolen data from Kearney \u0026 Company\r\nBy Pierluigi Paganini\r\nPublished: 2022-11-06 · Archived: 2026-04-05 16:26:15 UTC\r\n Pierluigi Paganini November 06, 2022\r\nThe ransomware group LockBit claimed to have stolen data from consulting and\r\nIT services provider Kearney \u0026 Company.\r\nKearney is the premier CPA firm that services across the financial management spectrum to government entities.\r\nThe company provides audit, consulting and IT services to the United States government. It has helped the Federal\r\nGovernment improve its financial operations’ overall effectiveness and efficiency.\r\nKearney \u0026 Company was added to the list of victims of the Lockbit 3.0 group on November 05, the gang is\r\nthreatening to publish stolen data by November 26, 2022, if the company will not pay the ransom. At this time, the\r\nransomware gang has published a sample of the stolen data that includes financial documents, contracts, audit\r\nreports, billing documents and more.\r\nhttps://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html\r\nPage 1 of 2\n\nThe ransomware gang is demanding the payment of $2M to destroy the stolen data and $10K to extend the timer\r\nfor 24H.\r\nThis week LockBit ransomware group claimed to have hacked other major organizations, the multinational\r\nautomotive group Continental and the defense giant Thales.\r\nIn June, the LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty\r\nprogram and Zcash payments.\r\nThe gang has been active since at least 2019 and today it is one of the most active ransomware gangs.\r\nFollow me on Twitter: @securityaffairs and Facebook\r\n[adrotate banner=”9″] [adrotate banner=”12″]\r\nPierluigi Paganini\r\n(SecurityAffairs – hacking, Kearney \u0026 Company)\r\n[adrotate banner=”5″]\r\n[adrotate banner=”13″]\r\nSource: https://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html\r\nhttps://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://securityaffairs.co/wordpress/138136/cyber-crime/lockbit-ransomware-kearney-company.html" ], "report_names": [ "lockbit-ransomware-kearney-company.html" ], "threat_actors": [ { "id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5", "created_at": "2022-10-25T16:07:23.797925Z", "updated_at": "2026-04-10T02:00:04.752608Z", "deleted_at": null, "main_name": "LockBit Gang", "aliases": [ "Bitwise Spider", "Operation Cronos" ], "source_name": "ETDA:LockBit Gang", "tools": [ "3AM", "ABCD Ransomware", "CrackMapExec", "EmPyre", "EmpireProject", "LockBit", "LockBit Black", "Mimikatz", "PowerShell Empire", "PsExec", "Syrphid" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434635, "ts_updated_at": 1775791607, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f97bf0570677ba9806636142d8a8256a864d129c.pdf", "text": "https://archive.orkl.eu/f97bf0570677ba9806636142d8a8256a864d129c.txt", "img": "https://archive.orkl.eu/f97bf0570677ba9806636142d8a8256a864d129c.jpg" } }