LockBit ransomware continues to hit companies around the world, with three more additions posted to its dark web victim blog. The gang’s recent crime spree now includes alleged attacks on Argentinian power company Grupo Albanesi, Indian chemical business SRF and more than| 200 CEFCO convenience stores in the southern states of the US. All have been issued with a deadline to pay a ransom or see their data published online.
Given that LockBit recently imposed a payment deadline on Royal Mail following a successful breach, then failed to publish stolen data when the ransom wasn’t paid, the businesses may be sceptical that the criminals will make good on their threats. Even if the victims do pay up, there is no guarantee the stolen information will be released.
LockBit ransomware spree hits three large companies
The three have been issued with ultimatums by the gang. SRF, a multi-business chemicals manufacturer based in India, has been given until 1 March to respond before “all available data will be published”.
Likewise, Argentinian oil and natural gas company Grupo Albanesi has today appeared on the blog, receiving a ransom deadline of 28 February.
The American convenience store chain CEFCO has also allegedly suffered a breach. The company has 200 branches throughout the states of Texas, Alabama, Mississippi, Oklahoma, Louisiana and Florida. Its deadline is 22 February.
While these companies have appeared on the site, there is no guarantee that this corresponds to damage to the systems of the organisations or that their data will appear online as the deadline passes. Cybercriminals are notoriously unreliable and will often not release the data when they say they will or will hold on to encryption keys despite being paid a ransom, as has recently been experienced in the company’s dealings with Royal Mail.
None of the companies had responded to requests for comment from Tech Monitor at the time of writing, but a spokesperson for SRF told Cyber Express that the company has “observed that one of our non-essential IT infrastructure environments was non-responsive through our security monitoring systems and suspected some irregular activity”.
LockBit has been prolific in recent months
Based in Russia, LockBit has been one of the most active ransomware gangs observed in recent months. The gang was responsible for 33% of the ransomware attacks in the past six months of 2022, a 94% increase compared to its 2021 activity, according to research from cybersecurity vendor NCC Group.
The impact of LockBit’s attacks can be significant. Royal Mail’s international parcel delivery service is still out of action due to a hack that took place at the beginning of January. With the company’s data having not yet been released, security researcher Brett Callow, of Emsisoft, argues that LockBit is still hopeful of receiving a payout.
“This is likely harassment intended to keep the Royal Mail under pressure,” Callow tweeted. “In other cases, LockBit has repeatedly reset the countdown timer. Bottom line: LockBit will not release data until they have given up on being able to monetize the attack.”