The Black Basta ransomware group has just confirmed on their Telegram group that they’ve attacked four new targets.
Black Basta’s most common attack pattern involves a double extortion tactic where they encrypt the victim’s data and servers, and then threaten to publish the data unless the victim pays the ransom.
Here’s a summary of the four new targets:
According to the hackers’ data leak site, they published all the data belonging to Etude Villa Florek already, with Arena Products and Agrovi having 3 more days to negotiate a ransom.
John Lilley & Gillie Ltd. is in an unclear position as of right now. None of their data has been published yet but neither do they have a deadline showcased on the leak site.
This isn’t Black Basta’s first cyberattack, though, so it’s safe to say they aren’t using idle threats to scare their victims. They’ve been involved in some of the biggest data breaches in recent times.
Black Basta is a pure ransomware group whose sole purpose is to extract valuable information and sell it or for intelligence gathering purposes.
They’ll use whatever means at their disposal to infiltrate a target, including spear phishing, lateral movement, custom-made malware, zero-day vulnerabilities, and more.
So far, they’ve launched more than 35 attacks against US-based companies, 10 against German ones, 6 against Canadian ones, and 4 in Switzerland, Italy, Austria, and Australia each.
They also have a data leak site where they post updates and threats to their victims, trying to convince them to accept the ransom.
Black Basta is targeting a wide range of industries and prefers high-profile targets like Adams Bank & trust, the North Carolina Housing Authority, and Twin Towers Trading.
As for the latest four targets – Agrovi, Arena Products, Etude Villa Florek, and John Lilley & Gillie Ltd – they appear to have been targeted for financial reasons.
We believe security online security matters and its our mission to make it a safer place.