LockBit Ransomware Hits Petroassist UK in Major Cyber Attack

Incident Date: July 25, 2024


Overview

Victim: Petroassist UK

Attacker: Lockbit3

Location: Loanhead, United Kingdom

First Reported: July 25, 2024

LockBit Ransomware Group Targets Petroassist UK in Major Cyber Attack

Overview of Petroassist UK

Petroassist UK is a significant player in the fuel retail sector, specializing in the installation, maintenance, and support of fuel dispensing equipment and payment systems. As a subsidiary of the Petrotec Group, the company serves a diverse clientele, including both urban and rural petrol stations across the United Kingdom. Petroassist UK is known for its advanced technology solutions, such as the Petrotec AXON range of fuel pumps and electric vehicle (EV) charging infrastructure through its partnership with Hellonext. The company employs between 51 and 100 individuals and has been a technology partner for major retailers like Tesco for over a decade.

Details of the Ransomware Attack

On July 25, 2024, the ransomware group LockBit claimed responsibility for a cyber attack on Petroassist UK. The group has threatened to publish the organization's data if their ransom demands are not met. This attack highlights the increasing threat of ransomware to critical service providers and underscores the need for robust cybersecurity measures. The attack was announced on LockBit's dark web leak site, a common tactic used by the group to pressure victims into paying the ransom.

About LockBit Ransomware Group

LockBit is a highly sophisticated ransomware-as-a-service (RaaS) group that has been active since September 2019. Known for its modular ransomware, LockBit keeps its payload encrypted until execution to hinder malware analysis and detection. The group employs "double extortion" tactics, exfiltrating sensitive data and threatening to release it publicly if the ransom is not paid. LockBit uses a combination of RSA-2048 and AES-256 encryption algorithms to encrypt victims' files and demands payment in Bitcoin. The group is notorious for exploiting vulnerabilities in Remote Desktop Protocol (RDP) services and unsecured network shares to spread quickly across a network.

Potential Vulnerabilities and Penetration Methods

Petroassist UK's focus on advanced technology solutions and cloud-connected systems, such as the latest pay-at-pump terminals, may have made it an attractive target for cybercriminals. The company's extensive use of networked systems and cloud services could have provided multiple entry points for the ransomware. LockBit is known for exploiting RDP vulnerabilities and unsecured network shares, which could have been potential vectors for the attack. Additionally, the group's ransomware checks for, and avoids executing on, systems with languages common to the Commonwealth of Independent States (CIS) region, which indicates a high level of sophistication in targeting specific organizations.
