CTT Express Hit by LockBit 3.0 Ransomware

Incident Date:

May 9, 2024

World map

Overview

Title

CTT Express Hit by LockBit 3.0 Ransomware

Victim

CTT Express

Attacker

Lockbit3

Location

Hellín, Spain

, Spain

First Reported

May 9, 2024

Ransomware Attack on CTT Express by LockBit 3.0

Overview

CTT Express, a transportation and logistics company based in Hellín, Castilla-La Mancha, Spain, with 236 employees and revenue less than $5 million, fell victim to a cyberattack by the LockBit 3.0 ransomware. The attackers successfully exfiltrated 155 GB of sensitive data, including financial records, invoices, and client information, which was later publicly disclosed.

Company Profile

The company specializes in freight shipping services across the United States, offering full truckload, less-than-truckload, and expedited options, along with warehousing and distribution services. Renowned for their 24-hour delivery service, the company distinguishes itself through its commitment to quality, reliability, and flexibility, achieved through investments in technology and innovation, and handling over 200,000 parcels daily.

LockBit 3.0 Ransomware Group

The LockBit 3.0 ransomware group, also known as LockBit Black, is a new variant of the LockBit ransomware that emerged in 2022. It is considered one of the most dangerous and disruptive ransomware threats currently active. LockBit 3.0 encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. The ransomware is heavily obfuscated and protected against analysis, making it difficult for security researchers to study.

LockBit May Attacks

This attack on CTT Express is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced following the disruption of its infrastructure in February during "Operation Cronos." Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.