Ransomware Attack Disrupts German Oil Supplier Nusser Mineralöl
Ransomware Attack on Nusser Mineralöl GmbH by INC Ransom
Nusser Mineralöl GmbH, a key supplier of mineral oils and lubricants based in Straubing, Germany, has fallen victim to a ransomware attack orchestrated by the notorious cybercriminal group INC Ransom. The attack has reportedly compromised sensitive data, including customer information, financial records, and HR details.
Company Profile
Nusser Mineralöl GmbH is a prominent player in the Energy, Utilities & Waste sector, specializing in the wholesale and retail of petroleum products such as heating oil, diesel fuel, and a wide range of lubricants. The company serves various industries, including automotive, agriculture, shipping, construction, energy production, and metal processing. With approximately 50 employees and a revenue of around €10 million, Nusser Mineralöl GmbH is recognized for its extensive storage capacities and operational efficiency, ensuring consistent quality and timely deliveries to its customers.
Attack Overview
The ransomware group INC Ransom has claimed responsibility for the attack on Nusser Mineralöl GmbH via their dark web leak site. The cybercriminals assert that they have successfully breached the company's systems, gaining access to confidential data. This breach could have significant implications for the company's operations and its stakeholders, potentially disrupting services and damaging the company's reputation.
About INC Ransom
INC Ransom is a highly sophisticated ransomware group known for its targeted attacks on corporate and organizational networks. The group employs advanced techniques such as spear-phishing campaigns and exploiting vulnerabilities like CVE-2023-3519 in Citrix NetScaler. Their attacks involve double extortion, where they not only encrypt data but also steal it and threaten to release it publicly to increase pressure on victims to comply with ransom demands. INC Ransom has targeted various industries, including healthcare, education, government entities, and technology companies, making them a formidable threat in the cybersecurity landscape.
Penetration Methods
While the specific details of how INC Ransom penetrated Nusser Mineralöl GmbH's systems are not disclosed, it is likely that the group used a combination of spear-phishing emails and exploiting known vulnerabilities. Once inside the network, they would have used legitimate system tools and Commercial Off-The-Shelf (COTS) software for reconnaissance and lateral movement, ultimately leading to the encryption and theft of sensitive data.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!