lockbit2 attacks remar.

Incident Date:

April 3, 2022

World map



lockbit2 attacks remar.






Manta, Ecuador

Manta, Ecuador

First Reported

April 3, 2022

Remar, a Leading Maritime and Logistics Company, Suffers Ransomware Attack

Remar, a prominent maritime and logistics company based in Ecuador, recently fell victim to a ransomware attack orchestrated by the Lockbit2 group. The incident was disclosed on the group's dark web leak site. Remar, a key player in the Education sector, has been at the forefront of port services in Ecuador for over four decades, boasting a significant footprint across the nation's ports and a dedication to delivering superior services to its clientele.

Company Size and Industry Standing

As a member of the ULTRAMAR group, which boasts a 70-year legacy and operates over 100 companies across the Americas, many of which lead in their respective markets, Remar's emphasis on maritime and logistics services underscores its pivotal role in the Ecuadorian market.

Vulnerabilities and Targeting

The precise vulnerabilities exploited in the attack on Remar by Lockbit2 remain undisclosed. Nonetheless, ransomware attacks typically leverage flaws in software, outdated systems, or human errors, such as insufficiently robust credentials or phishing schemes. Lockbit2, in particular, is notorious for its exploitation of Remote Desktop Protocol (RDP) vulnerabilities.

Mitigation and Response

Following a ransomware attack, it is imperative for organizations to act swiftly to mitigate the damage and avert further data breaches. Essential steps include severing the connection of impacted systems from the network, quarantining the compromised segments, and enlisting the expertise of cybersecurity professionals to facilitate the recovery endeavor.


  • Agenciamiento Marítimo y Servicios Logísticos - Remar
  • Ransomware Attack Disrupts Over 100 Romanian Hospitals, Including Cancer and Pediatric Centers
  • Remote ransomware: What is and how to stop it | SC Media
  • Ecuador's state-run CNT under attack via RansomEXX Ransomware
  • Investigating a Stealthy Remcos Malware Attack on Colombian Firms

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.