LockBit3 Ransomware Strikes Oil & Gas Giant, Strike USA

Incident Date: May 31, 2024


Overview

Victim: Strike, LLC

Attacker: LockBit3

Location: Spring, USA; Texas, USA

First Reported: May 31, 2024

Ransomware Attack on Strike USA by LockBit3

Victim Overview

Strike USA, operating as Strike LLC, is a prominent pipeline and facilities solutions provider in the oil and gas industry. Employing over 1,500 people nationwide and generating an annual revenue of $1.7 billion, Strike USA has rapidly grown to become one of the fastest-growing private-equity owned companies in the sector. The company delivers integrated engineering, construction, maintenance, integrity, and specialty services throughout the entire oil and gas lifecycle.

Attack Overview

The LockBit3 ransomware group targeted strikeusa.com, resulting in the compromise of sensitive data, including contracts, employee ID cards, equipment management data, management reports, Oxford users, rate sheets, and information about safety coordinators. This breach highlighted the vulnerability of critical operational data to cyber attacks, impacting the company's operations and potentially harming its reputation.

Ransomware Group Profile

LockBit3, an advanced iteration of the LockBit ransomware group, operates as a Ransomware-as-a-Service (RaaS) entity. Renowned for its sophisticated capabilities and evasive techniques, LockBit3 encrypts files, alters filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops. The group's strategy of recruiting affiliates and targeting a diverse range of businesses and critical infrastructure organizations underscores its significance in the cybersecurity landscape.

Company Vulnerabilities

As a leading player in the oil and gas industry, Strike USA's extensive operations and valuable data assets make it an appealing target for cyber attackers like the LockBit3 ransomware group. The company's large workforce, diverse service offerings, and substantial financial standing may have contributed to its susceptibility to cyber attacks. This incident underscores the necessity for robust cybersecurity measures and comprehensive employee awareness training to mitigate such risks.
