• Eros Elevators, a long-established India-based elevator and escalator manufacturer operating since 1947, was targeted in a ransomware attack by the LockBit 5.0 group.
• The attack appears to have occurred around December 30, 2025, with the breach discovered publicly around year-end and continuing into early January 2026.
• LockBit 5.0 reportedly listed Eros Elevators on its dark web extortion portal, indicating that the attackers claimed access to internal systems and possibly exfiltrated sensitive data.

Impact on Operations

• The ransomware incident disrupted Eros Elevators’ systems, potentially affecting operational data and internal workflows—though precise details on the extent of encryption or downtime have not been fully disclosed.
• Reports suggest that the company’s operational and possibly customer or employee data could be at risk, given typical ransomware behaviour of exfiltrating and threatening to leak sensitive information if demands are not met.

About LockBit 5.0

• LockBit is a notorious cybercriminal ransomware-as-a-service (RaaS) group that encrypts victim data and threatens public disclosure unless ransom demands are met.
• The 5.0 variant represents the latest version used by affiliates to target various industries worldwide, including manufacturing and infrastructure sectors.

Broader Context

• Ransomware groups like LockBit often choose targets that rely on continuous operations, because disruption increases pressure on victims to negotiate.
• This incident follows a global trend of ransomware attacks on industrial and critical infrastructure firms, underlining ongoing cybersecurity risks even for long-standing companies.

What’s Still Unclear

• Whether Eros Elevators paid a ransom, and if so how much, has not been publicly confirmed.
• The full scope of data compromised (e.g., operational, financial, employee records) remains unverified beyond the attackers’ claims of access.