LockBit 3.0 Ransomware Attack on Grupo PM

Incident Date: May 9, 2024



Grupo PM, S.A. de C.V.




Cuernavaca, Mexico


First Reported: May 9, 2024

Ransomware Attack on Grupo PM by LockBit 3.0

Victim Company Profile

Grupo PM, S.A. de C.V. is a Mexico-based company operating in the Agriculture sector. They are pioneers in generic agricultural marketing in Mexico, with a focus on promoting and developing the Mexican guava market. Grupo PM aims to create a unique identity for themselves and contribute to the growth of the agricultural sector in Mexico. The company stands out in its industry for its dedication to delivering results for clients, high ethical standards, and a strong commitment to environmental sustainability.


The company's exposure to threat actors stems from the sensitive data it holds, including client information, contracts, financial data, and personally identifiable information (PII). Its size, with a significant number of employees and a wide range of operations, makes it an attractive target for cybercriminals looking to exfiltrate valuable data for ransom or other malicious purposes.

Ransomware Group Distinction

LockBit 3.0 is an evolution of the LockBit ransomware group, which is known for its Ransomware-as-a-Service (RaaS) model. The group's advanced capabilities, such as file encryption, desktop modifications, and lateral movement through networks, make it a formidable threat. LockBit 3.0's obfuscation techniques and evasive maneuvers pose challenges for security researchers and for organizations trying to defend against its attacks.

LockBit May Attacks

This incident is part of the May 2024 attacks by LockBit 3.0, in which the cybercriminal group resurfaced with increased activity following the disruption of its infrastructure in February. Despite law enforcement efforts, LockBit swiftly returned, targeting numerous victims across sectors and countries. The group's adaptability and global reach highlight the need for enhanced international cooperation to combat cybercrime effectively.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful both financially and informationally.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.