Risser Oil Hit by Qilin Ransomware: A Growing Cybersecurity Threat

Incident Date: August 29, 2024

Overview

Victim: Risser Oil
Attacker: Qilin
Location: Clearwater, USA; Florida, USA
First Reported: August 29, 2024

Risser Oil Corporation Targeted by Qilin Ransomware Group

Risser Oil Corporation, a prominent distributor of petroleum products based in Clearwater, Florida, has recently fallen victim to a ransomware attack orchestrated by the Qilin group. This incident underscores the growing cybersecurity threats faced by companies in the energy, utilities, and waste sectors.

Company Overview

Risser Oil Corporation specializes in the distribution of high-quality petroleum products, including branded fuels from major oil companies such as Shell, Mobil, and Exxon. The company serves a diverse clientele, including real estate investment firms and other fuel distribution companies. With a history dating back to the 1930s, Risser Oil has established itself as a reliable provider in the fuel distribution sector. The company also has a diversified business model that includes real estate investments, allowing it to leverage its resources and expertise across multiple sectors.

Risser Oil employs between 51 and 250 individuals and has an estimated revenue of approximately $20.4 million. The company is led by CEO Kerry Katchuk, who oversees its various operations and strategic initiatives. Risser Oil's commitment to client satisfaction, environmental responsibility, and ethical business practices has contributed to its strong position in the market.

Attack Overview

On August 30, Risser Oil experienced a significant data breach for which the Qilin ransomware group has claimed responsibility. The cybercriminals reportedly gained access to sensitive data, potentially compromising the company's operations and client information. This attack highlights the cybersecurity vulnerabilities that companies in the petroleum distribution industry face.

About the Qilin Ransomware Group

The Qilin ransomware group, also known as Agenda, is a sophisticated Ransomware-as-a-Service (RaaS) operation believed to be of Russian origin. Since its emergence in October 2022, Qilin has targeted various organizations, including healthcare providers, automotive companies, and government agencies. The group is known for its advanced tactics, such as data exfiltration and double extortion, to pressure victims into paying ransoms.

Qilin's adaptability and cross-platform capabilities make it a formidable threat. The group has been particularly active in the healthcare sector, causing significant disruptions to hospitals and medical services. In June, Qilin was suspected of launching a ransomware attack against Synnovis, a pathology services firm in London, leading to a critical incident at several hospitals.

Potential Vulnerabilities

Risser Oil's involvement in both the petroleum distribution and real estate sectors may have made it an attractive target for the Qilin group. The company's extensive operations and client base could provide multiple entry points for cybercriminals. Additionally, the increasing sophistication of ransomware attacks necessitates advanced cybersecurity measures, which may not have been fully implemented or updated at Risser Oil.
