Ransomware Attack Disrupts German Oil Supplier Nusser Mineralöl

Incident Date:

September 19, 2024

World map

Overview

Title

Ransomware Attack Disrupts German Oil Supplier Nusser Mineralöl

Victim

Nusser Mineralöl GmbH

Attacker

Inc Ransom

Location

Zwiesel, Germany

, Germany

First Reported

September 19, 2024

Ransomware Attack on Nusser Mineralöl GmbH by INC Ransom

Nusser Mineralöl GmbH, a key supplier of mineral oils and lubricants based in Straubing, Germany, has fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group INC Ransom. The attack has reportedly compromised sensitive data, including customer information, financial records, and HR details.

Company Profile

Nusser Mineralöl GmbH is a prominent player in the Energy, Utilities & Waste sector, specializing in the wholesale and retail of petroleum products such as heating oil, diesel fuel, and a wide range of lubricants. The company serves various industries, including automotive, agriculture, shipping, construction, energy production, and metal processing. With approximately 50 employees and a revenue of around €10 million, Nusser Mineralöl GmbH is recognized for its extensive storage capacities and operational efficiency, ensuring consistent quality and timely deliveries to its customers.

Attack Overview

The ransomware group INC Ransom has claimed responsibility for the attack on Nusser Mineralöl GmbH via their dark web leak site. The cybercriminals assert that they have successfully breached the company's systems, gaining access to confidential data. This breach could have significant implications for the company's operations and its stakeholders, potentially disrupting services and damaging the company's reputation.

About INC Ransom

INC Ransom is a highly sophisticated ransomware group known for its targeted attacks on corporate and organizational networks. The group employs advanced techniques such as spear-phishing campaigns and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. Their attacks involve double extortion, where they not only encrypt data but also steal it and threaten to release it publicly to increase pressure on victims to comply with ransom demands. INC Ransom has targeted various industries, including healthcare, education, government entities, and technology companies, making them a formidable threat in the cybersecurity landscape.

Penetration Methods

While the specific details of how INC Ransom penetrated Nusser Mineralöl GmbH's systems are not disclosed, it is likely that the group used a combination of spear-phishing emails and exploiting known vulnerabilities. Once inside the network, they would have used legitimate system tools and Commercial Off-The-Shelf (COTS) software for reconnaissance and lateral movement, ultimately leading to the encryption and theft of sensitive data.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.