Ransomware Attack on Sislocar Sel CR SA by LockBit 3.0

Ransomware Attack

The company based in Costa Rica, Sislocar, faced a ransomware attack carried out by LockBit 3.0. The hacker stole 0.4 GB of data, which included clients' information, scans, certificates, and other confidential data. LockBit 3.0 sets itself apart by encrypting files, altering filenames, changing desktop backgrounds, and leaving ransom notes. The ransomware is heavily obfuscated, posing a challenge for security experts to dissect. It can navigate through a network and erase its traces, heightening its stealthiness.

Company Profile

Sislocar offers integrated logistics solutions covering bonded warehouses, international transportation, customs services, and tax warehouses in key customs offices. They focus on optimizing supply chains, providing tax exemptions in their Free Zone, streamlining import/export operations, and ensuring efficient storage and compliance. Sislocar's strategic location enhances its services, making it a reliable partner for businesses in international trade.

LockBit May Attacks

This incident is part of the May 2024 attacks orchestrated by LockBit 3.0, a cybercriminal group that reemerged after its infrastructure was disrupted in February during "Operation Cronos." LockBit swiftly targeted more than 50 victims upon reactivating its platform, demonstrating its widespread influence and adaptability.

Company Vulnerabilities

The company's combination of logistics services and storage of sensitive client data make it an enticing target for threat actors like LockBit 3.0. The company's strategic position and involvement in the transportation industry may have exposed vulnerabilities that were exploited in the ransomware incident.

Sources

• Sislocar Website
• VMware Blog
• SentinelOne
• Trend Micro