BlackBasta ransomware actors have announced a massive data breach today. The hackers apparently managed to steal over 800 GB of data. This includes HR information, employee records, and even confidential files.
As cybersecurity analysts have pointed out, BlackBasta appears to be very resourceful and sophisticated. The gang conducts attacks across multiple sectors, 12 of which are considered critical infrastructure. Naturally, law enforcement agencies came online fast.
Some of the gang’s most notable attacks include:
BlackBasta uses the double-extortion method to force its victims into paying the ransom. This is a typical strategy in the ransomware sphere, as it brings the most leverage into the negotiations.
The double-extortion practice refers to the attackers encrypting the victim’s files and stealing valuable data in the process. The victim then needs to negotiate for the decryption tool, as well as for the deletion of the data. As we will see, the latter never works as intended.
The BlackBasta operators are typically very tough during negotiations, but this is the industry standard. The hackers will rarely accept any payment cut, which is understandable. However, if they do, that’s even worse.
It’s worse because it may convince you to pay. And that’s one mistake you wouldn’t want to make.
As cybersecurity experts show, paying the ransom only has temporary benefits. The hackers will restore your system by removing the encryption and, supposedly, delete the stolen data. We say “supposedly” because that’s unlikely to happen.
Instead, the hackers will most likely leak the data on the Dark Web anyway. If that doesn’t happen, they may sell or share it with other cybercriminal groups. Or keep it to themselves for later use.
This explains why victims who pay usually get targeted again, often by different attackers and sometimes by the same one.
The solution appears to be quite straightforward: don’t pay the hackers. And it is straightforward. The problem is that the situation is often more complex than that. Some companies may need to pay to restore their systems.
As history has shown, ransomware attacks can sometimes have devastating consequences, especially when the targets operate in the public sector, such as health, public transportation, emergency services, and banking.
But as a general rule, the no-negotiation policy appears to be the most desirable. The reasoning is simple: if no one ever paid the ransom, ransomware attacks would cease to exist.