Ransomware Attack on CTT Express by LockBit 3.0

Overview

CTT Express, a transportation and logistics company based in Hellín, Castilla-La Mancha, Spain, with 236 employees and revenue less than $5 million, fell victim to a cyberattack by the LockBit 3.0 ransomware. The attackers successfully exfiltrated 155 GB of sensitive data, including financial records, invoices, and client information, which was later publicly disclosed.

Company Profile

The company specializes in freight shipping services across the United States, offering full truckload, less-than-truckload, and expedited options, along with warehousing and distribution services. Renowned for their 24-hour delivery service, the company distinguishes itself through its commitment to quality, reliability, and flexibility, achieved through investments in technology and innovation, and handling over 200,000 parcels daily.

LockBit 3.0 Ransomware Group

The LockBit 3.0 ransomware group, also known as LockBit Black, is a new variant of the LockBit ransomware that emerged in 2022. It is considered one of the most dangerous and disruptive ransomware threats currently active. LockBit 3.0 encrypts files, modifies their filenames, changes the desktop wallpaper, and drops a ransom note on the victim's desktop. The ransomware is heavily obfuscated and protected against analysis, making it difficult for security researchers to study.

LockBit May Attacks

This attack on CTT Express is part of the May 2024 attacks by LockBit 3.0, a cybercriminal group that resurfaced following the disruption of its infrastructure in February during "Operation Cronos." Despite arrests and the dismantling of its data leak site, LockBit swiftly returned, targeting over 50 victims within hours of reactivating its platform. These assaults spanned various sectors and countries, showcasing LockBit's global reach and adaptability.

Sources:

• CTT Express Company Profile
• LockBit 3.0 Information
• LockBit May Attacks