LockBit 3.0 Ransomware Strikes EcoTruck in Brazil

Incident Date:

May 9, 2024

World map



LockBit 3.0 Ransomware Strikes EcoTruck in Brazil






Ho Chi Minh, Vietnam

, Vietnam

First Reported

May 9, 2024

Ransomware Attack on EcoTruck by LockBit 3.0


The LockBit 3.0 cybercrime group recently targeted Ecotruck, a company based in Brazil, in a ransomware attack. The attackers used ransomware to encrypt the company's data, causing disruption to its operations.

Company Profile

EcoTruck is a Brazilian company specializing in the development of advanced technological solutions for the management, inventory, and intelligent diagnosis of tires and the tracking of agricultural equipment. They provide real-time monitoring of tire pressure, temperature, location, and mileage, as well as tracking, mapping, and inventory management for agricultural equipment.

Company Size

The company employs cutting-edge technologies with data to streamline operations and save costs for both merchants and vendors. They also offer customer services to handle issues that require human interaction. EcoTruck has 51-150 employees.


Given EcoTruck's focus on advanced technological solutions and real-time monitoring systems, they may have been targeted by threat actors due to the valuable data they possess. The company's involvement in the logistics industry, which involves the handling of sensitive information related to transportation and inventory management, could have made them an attractive target for ransomware attacks.

LockBit 3.0 Ransomware Group

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that has evolved from the LockBit group. It is considered one of the most dangerous and disruptive ransomware threats currently active. The group encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. LockBit 3.0 has advanced features like lateral movement through networks and self-covering tracks to evade detection.

LockBit May Attacks

The cybercriminal gang resurfaced with vigor in May 2024 following the disruption of its infrastructure during "Operation Cronos." Despite law enforcement efforts, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach highlight the need for enhanced international cooperation to combat cybercrime effectively.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.