Cyber Incident Victim: Schrader Camargo
Date:
Mar 2023
Location:
Colombia
Summary
Schrader Camargo, an engineering, procurement, and construction services firm, was listed on the LockBit ransomware group's leak site with attackers claiming possession of approximately 267GB of data and publishing limited samples. The company had not publicly acknowledged the incident or responded to inquiries at the time of reporting, and LockBit had not released the full dataset beyond the initial samples. No further details regarding potential operational impacts or compromised information specifics were disclosed by either party.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Schrader Camargo, an EPC (Engineering, Procurement, and Construction) services provider, was named as a victim by the LockBit 3.0 ransomware group. This incident was publicly disclosed on March 11, 2023, when LockBit added Schrader Camargo's name to its dedicated leak site alongside samples of purportedly stolen data. The ransomware group claimed to possess approximately 267GB of data from the company but had only released limited samples at the time of reporting. No further data leaks had occurred by March 17 based on publicly available information. LockBit’s standard operational pattern involves exfiltrating victim data prior to encryption and threatening its release unless ransom demands are met. The 267GB data claim suggested potentially significant exfiltration of company information, though neither the precise data types nor systems compromised were explicitly detailed in the available reporting. There were no public reports detailing the method of initial compromise, the timeline of system intrusions, or whether encryption of systems occurred alongside the data theft. External observers first learned of the incident through LockBit's leak site rather than through voluntary disclosure by Schrader Camargo.
Schrader Camargo maintained no public communications regarding the incident as of March 16-17, 2023. The company’s website and social media channels displayed no notifications, advisories, or acknowledgments of a cybersecurity incident affecting their operations. A media inquiry sent directly to Schrader Camargo via email on March 16 received no response by the time of the article's publication. This lack of official confirmation or details from the company left the scope and severity of the incident unverified beyond the claims made by LockBit. No information was available regarding internal detection mechanisms, containment actions taken, or potential operational impacts suffered by Schrader Camargo. External parties had not observed any remediation updates or third-party corroboration of LockBit’s assertions beyond the initial data samples. Unlike contemporaneous incidents involving other organizations mentioned in the same reporting timeframe – including ransomware attacks against Puerto Rico's water authority and a Spanish hospital group – Schrader Camargo's incident lacked any complementary statements from sector authorities, cybersecurity researchers, or law enforcement regarding investigation status or forensic findings.