LockBit 3.0 Ransomware Attack on Cultivar

Incident Date:

May 9, 2024

World map



LockBit 3.0 Ransomware Attack on Cultivar






Formosa, Brazil

, Brazil

First Reported

May 9, 2024

Ransomware Attack on Cultivar by LockBit 3.0

Company Profile

Cultivar is a Brazilian company specializing in the import and export of agricultural products, including fertilizers, pesticides, seeds, and biological products. The company has an experienced administrative and commercial team and a wide portfolio of suppliers in the agriculture and livestock sectors. Cultivar's registered name is Cultivar S.A.U., and it is headquartered in Formosa, Goiás, Brazil. The company has between 11 and 50 employees. Cultivar stands out for providing innovative services such as logistics solutions, strict quality controls, and a wide range of fresh, quality fruits and vegetables. They also use unique ripening and storage techniques to ensure product quality.

Attack Details

The cyberattack on Cultivar was carried out by the LockBit 3.0 ransomware. The attackers successfully encrypted the company's data, rendering it inaccessible. It is believed that the attackers intended to extort a ransom from the company in exchange for the decryption key.The group has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations globally. LockBit 3.0 is considered one of the most dangerous and disruptive ransomware threats currently active, with advanced infection capacities and customization options.

LockBit May Attacks

This ransomware attack on Cultivar is part of the May 2024 attacks by LockBit 3.0. The cybercriminal group resurfaced with vigor following the disruption of its infrastructure in February during "Operation Cronos." Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's recent activities targeted diverse industries globally, showcasing its global reach and adaptability.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.