LockBit 3.0 Ransomware Attack on Grupo MPE

Incident Date: May 9, 2024


Grupo MPE




Sevilla, Spain


First Reported: May 9, 2024

Ransomware Attack on Grupo MPE by LockBit 3.0

Victim Profile

Grupo MPE is a public company based in Seville, Spain, specializing in integrated occupational risk prevention services and training solutions. With 501-1,000 employees, Grupo MPE offers a comprehensive range of occupational risk prevention services, including safety, hygiene, ergonomics, psychosociology, and occupational medicine. They also provide customized training solutions to meet the specific needs of companies and their workers.

Company Standout

The company stands out in the Healthcare Services sector for its holistic approach to occupational health and safety services. By offering a wide range of services and personalized training solutions, they help businesses comply with health and safety regulations and create a safe work environment for their employees.

Attack Details

Grupo MPE fell victim to a cyberattack by the LockBit 3.0 ransomware group, in which the attacker exfiltrated 622 GB of sensitive data, including certificates, contracts, PII, insurance data, and financial data. The leaked data exposes the company and its stakeholders to risks such as identity theft, financial fraud, and reputational damage.

Ransomware Group Analysis

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. The group distinguishes itself by its advanced encryption techniques, obfuscation, lateral movement capabilities, and the ability to cover its tracks effectively.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing near real-time tracking of ransomware attacks, groups, and their victims. Given threat actors' lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site's data is generated from the hosting choices of real-world threat actors and a handful of other trackers. While sanitization efforts have been made, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.