Ultragas Mexico Hit by LockBit 3.0 Ransomware

Incident Date: May 9, 2024

Overview

Title: Ultragas Mexico Hit by LockBit 3.0 Ransomware

Victim: Ultragas Mexico

Attacker: Lockbit3

Location: Lomas, Mexico

First Reported: May 9, 2024

Ransomware Attack on Ultragas Mexico by LockBit 3.0

Overview

Ultragas is a company that specializes in selling and distributing LP Gas in Mexico. Established in 2006 in Monterrey, Nuevo León, the company expanded its operations by acquiring three gas distribution companies in 2013, allowing it to serve customers in various regions across Mexico. The company has a revenue of less than $5 million.

Attack Details

The company recently experienced a cyberattack orchestrated by the LockBit 3.0 ransomware group. The attack resulted in the theft of 57 GB of sensitive data, including customer information and invoices. The attackers have threatened to release this data, potentially causing significant harm to Ultragas Mexico and its clientele.

LockBit 3.0 Resurgence

As part of the May 2024 attacks, LockBit 3.0 resurfaced after facing infrastructure disruptions. The group quickly resumed its malicious activities, targeting more than 50 victims in a short period. This rapid resurgence highlights LockBit's global reach and ability to adapt to law enforcement interventions.

LockBit 3.0's attack methodology involves encrypting files, altering filenames, changing desktop backgrounds, and leaving ransom notes. The ransomware's sophisticated features, including lateral movement within networks and the ability to cover its tracks, pose significant challenges for cybersecurity experts attempting to analyze and defend against it.

Targeting Strategy

Given Ultragas Mexico's involvement in the Energy, Utilities & Waste sector, the company may have been targeted due to its critical infrastructure connections. Its relatively small size and revenue could have made it an appealing target for cybercriminals seeking financial gains through ransomware attacks.
