LockBit3 Ransomware Strikes Oil & Gas Giant, Strike USA
Incident Date:
May 31, 2024
Overview
Title
LockBit3 Ransomware Strikes Oil & Gas Giant, Strike USA
Victim
Strike, LLC
Attacker
Lockbit3
Location
First Reported
May 31, 2024
Ransomware Attack on Strike USA by LockBit3
Victim Overview
Strike USA, operating as Strike LLC, is a prominent pipeline and facilities solutions provider in the oil and gas industry. Employing over 1,500 people nationwide and generating an annual revenue of $1.7 billion, Strike USA has rapidly grown to become one of the fastest-growing private-equity owned companies in the sector. The company delivers integrated engineering, construction, maintenance, integrity, and specialty services throughout the entire oil and gas lifecycle.
Attack Overview
The LockBit3 ransomware group targeted strikeusa.com, resulting in the compromise of sensitive data, including contracts, employee ID cards, equipment management data, management reports, Oxford users, rate sheets, and information about safety coordinators. This breach highlighted the vulnerability of critical operational data to cyber attacks, impacting the company's operations and potentially harming its reputation.
Ransomware Group Profile
LockBit3, an advanced iteration of the LockBit ransomware group, operates as a Ransomware-as-a-Service (RaaS) entity. Renowned for its sophisticated capabilities and evasive techniques, LockBit3 encrypts files, alters filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The group's strategy of recruiting affiliates and targeting a diverse range of businesses and critical infrastructure organizations underscores its significance in the cybersecurity landscape.
Company Vulnerabilities
As a leading player in the oil and gas industry, Strike USA's extensive operations and valuable data assets make it an appealing target for cyber attackers like the LockBit3 ransomware group. The company's large workforce, diverse service offerings, and substantial financial standing may have contributed to its susceptibility to cyber attacks. This incident underscores the necessity for robust cybersecurity measures and comprehensive employee awareness training to mitigate such risks.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.