View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 14, 2023

LockBit ransomware spree hits three large companies

Three more companies have fallen victim to the Russian gang, though whether their data will be exposed remains unclear.

By Claudia Glover

LockBit ransomware continues to hit companies around the world, with three more additions posted to its dark web victim blog. The gang’s recent crime spree now includes alleged attacks on Argentinian power company Grupo Albanesi, Indian chemical business SRF and more than| 200 CEFCO convenience stores in the southern states of the US. All have been issued with a deadline to pay a ransom or see their data published online. 

LockBit posts claims of attacks on three large companies in one day. (Photo by Alejo Leguizamon/Shutterstock)

Given that LockBit recently imposed a payment deadline on Royal Mail following a successful breach, then failed to publish stolen data when the ransom wasn’t paid, the businesses may be sceptical that the criminals will make good on their threats. Even if the victims do pay up, there is no guarantee the stolen information will be released.

LockBit ransomware spree hits three large companies

The three have been issued with ultimatums by the gang. SRF, a multi-business chemicals manufacturer based in India, has been given until 1 March to respond before “all available data will be published”. 

Likewise, Argentinian oil and natural gas company Grupo Albanesi has today appeared on the blog, receiving a ransom deadline of 28 February.

The American convenience store chain CEFCO has also allegedly suffered a breach. The company has 200 branches throughout the states of Texas, Alabama, Mississippi, Oklahoma, Louisiana and Florida. Its deadline is 22 February.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

While these companies have appeared on the site, there is no guarantee that this corresponds to damage to the systems of the organisations or that their data will appear online as the deadline passes. Cybercriminals are notoriously unreliable and will often not release the data when they say they will or will hold on to encryption keys despite being paid a ransom, as has recently been experienced in the company’s dealings with Royal Mail.

None of the companies had responded to requests for comment from Tech Monitor at the time of writing, but a spokesperson for SRF told Cyber Express that the company has “observed that one of our non-essential IT infrastructure environments was non-responsive through our security monitoring systems and suspected some irregular activity”.

LockBit has been prolific in recent months

Based in Russia, LockBit has been one of the most active ransomware gangs observed in recent months. The gang was responsible for 33% of the ransomware attacks in the past six months of 2022, a 94% increase compared to its 2021 activity, according to research from cybersecurity vendor NCC Group.

The impact of LockBit’s attacks can be significant. Royal Mail’s international parcel delivery service is still out of action due to a hack that took place at the beginning of January. With the company’s data having not yet been released, security researcher Brett Callow, of Emsisoft, argues that LockBit is still hopeful of receiving a payout.

“This is likely harassment intended to keep the Royal Mail under pressure,” Callow tweeted. “In other cases, LockBit has repeatedly reset the countdown timer. Bottom line: LockBit will not release data until they have given up on being able to monetize the attack.”

Read more: LockBit claims attack on Italian tax office

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.