Ultragas Mexico Hit by LockBit 3.0 Ransomware
Incident Date:
May 9, 2024
Overview
Title
Ultragas Mexico Hit by LockBit 3.0 Ransomware
Victim
Ultragas Mexico
Attacker
Lockbit3
Location
First Reported
May 9, 2024
Ransomware Attack on Ultragas Mexico by LockBit 3.0
Overview
Ultragas is a company that specializes in selling and distributing LP Gas in Mexico. Established in 2006 in Monterrey, Nuevo León, the company expanded its operations by acquiring three gas distribution companies in 2013, allowing it to serve customers in various regions across Mexico. The company has a revenue of <5$ million.
Attack Details
The company recently experienced a cyberattack orchestrated by the LockBit 3.0 ransomware group. The attack resulted in the theft of 57 GB of sensitive data, including customer information and invoices. The attackers have threatened to release this data, potentially causing significant harm to Ultragas Mexico and its clientele.
LockBit 3.0 Resurgence
As part of the May 2024 attacks, LockBit 3.0 resurfaced after facing infrastructure disruptions. The group quickly resumed its malicious activities, targeting more than 50 victims in a short period. This rapid resurgence highlights LockBit's global reach and ability to adapt to law enforcement interventions.
LockBit 3.0's attack methodology involves encrypting files, altering filenames, changing desktop backgrounds, and leaving ransom notes. The ransomware's sophisticated features, including lateral movement within networks and covering its tracks, pose significant challenges for cybersecurity experts attempting to analyze and defend against it.
Targeting Strategy
Given Ultragas Mexico's involvement in the Energy, Utilities & Waste sector, the company may have been targeted due to its critical infrastructure connections. Its relatively small size and revenue could have made it an appealing target for cybercriminals seeking financial gains through ransomware attacks.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.