Cyber Incident Victim: Monte Cristalina S.A.

On December 19, 2022, the LockBit3.0 ransomware group listed Monte Cristalina S.A. on their data leak site, asserting possession of 135GB of data from the holding company. The threat actors uploaded a portion of the allegedly stolen information as proof of compromise, though the specific content or file types were not detailed in available reports. Concurrently, access to Monte Cristalina’s official website became blocked, though it remains unclear whether this disruption resulted from defensive actions by the company or offensive measures by the attackers. No public statements from Monte Cristalina regarding operational impacts, data integrity issues, or financial demands were documented during the initial exposure period. LockBit3.0 maintained their claim on the leak site, a platform historically used by the group to pressure victims through incremental data releases prior to full publication. The incident occurred amid simultaneous ransomware campaigns targeting other regional entities, including Einatec and Cervecería Regional, though no connective evidence between these attacks was established in reporting.

Monte Cristalina did not acknowledge the breach through its web presence or social media channels as of December 28, 2022, based on external monitoring by cybersecurity outlets. DataBreaches.net attempted to contact the company but received no response to inquiries about the attack’s validity or scope. LockBit3.0’s proof samples were assessed as credible by third-party observers, though independent verification of the full 135GB dataset’s authenticity remained unconfirmed. The website blockade persisted through the reporting period, indicating potential ongoing remediation efforts or sustained disruption. No further details regarding data recovery, forensic investigations, or threat actor communications were disclosed in available sources during the incident’s initial disclosure phase.