Cyber Incident Victim: Ultrapar
Date: Jan 2021
Location: Brazil
Summary
A Brazilian fuel distributor experienced a ransomware attack that disrupted operations at some subsidiaries. The company implemented security measures and gradually restored its operating systems, with critical information systems fully operational shortly after the incident. No further details about the attack's origin or specific impacts were disclosed.
Description
Ultrapar Participações S.A., a Brazilian fuel distribution company, disclosed a ransomware cyber attack impacting operations at some subsidiaries in a securities filing on January 12, 2021. The company provided no immediate details regarding the attack vector, scope of compromised systems, or identity of threat actors. Ultrapar initiated containment protocols by implementing undisclosed security and control measures to isolate affected infrastructure and prevent lateral movement. The incident caused operational disruptions across subsidiary networks, though the company did not specify which business units or geographic regions experienced downtime. By January 14, 2021—two days after initial disclosure—Ultrapar reported gradual restoration of operating systems across corporate and subsidiary environments through coordinated recovery efforts. The restoration timeline indicates systems remained partially impaired for at least 48 hours post-detection, though the filing omitted technical specifics about data loss, encryption severity, or ransom demands.

Ultrapar confirmed full operational restoration of all critical information systems for the parent company and subsidiaries in a subsequent January 14 securities update. The company characterized the resolution as achieving 100% functionality across essential infrastructure without elaborating on residual impacts or forensic findings. No evidence suggested customer data exfiltration or secondary attacks during the recovery phase based on disclosed information. The incident required temporary operational adjustments across affected subsidiaries, though Ultrapar did not quantify financial losses, supply chain delays, or volume reductions in fuel distribution. Normal business operations resumed following system validation, with the company emphasizing procedural compliance through security measures without detailing specific technical remediations. The ransomware attack represents a confirmed disruption to critical energy sector infrastructure in Brazil, resolved through enterprise-wide restoration efforts across a three-day remediation window.
