Atos Falls Victim to BlackBasta Ransomware Attack, Compromising 710GB of Sensitive Data

Overview of Atos

Atos is a global leader in digital transformation, specializing in cybersecurity, cloud computing, and high-performance computing. With approximately 107,000 employees and an annual revenue of around €11 billion, Atos operates in 69 countries and is recognized as the European leader in its field. The company provides tailored, end-to-end solutions across various industries, emphasizing a secure and decarbonized digital environment for its clients. Atos is structured as a Societas Europaea (SE) and is listed on Euronext Paris.

Details of the Ransomware Attack

Atos has fallen victim to a ransomware attack orchestrated by the BlackBasta group, resulting in the compromise of a substantial 710GB of data. The stolen data encompasses a wide array of sensitive information, including company data, confidential documents, personal employee records, project details, and client information. This breach poses significant risks to the company's operations, employee privacy, and client trust, necessitating immediate and comprehensive response measures to mitigate the impact and prevent further damage.

About BlackBasta Ransomware Group

BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is believed to have connections to the defunct Conti threat actor group due to similarities in their approach to malware development and operations. BlackBasta targets organizations in highly targeted attacks, employing a double extortion tactic by encrypting critical data and threatening to publish sensitive information on their public leak site if the ransom is not paid. The group has targeted over 500 organizations worldwide, making up to US$ 100 million in ransom payments from more than 90 victims.

Potential Vulnerabilities and Penetration Methods

BlackBasta employs several strategies to gain initial access to target networks, including spear-phishing campaigns, insider information, and buying network access. Once inside a network, the group uses tools like QakBot, Mimikatz, and exploiting vulnerabilities to move laterally and harvest credentials. For maintaining control over compromised systems, BlackBasta uses tools like Cobalt Strike Beacons, SystemBC, and Rclone. Before encrypting files, the group disables security tools, deletes shadow copies, and exfiltrates sensitive data to maximize their leverage.

Sources

• Atos Company Profile
• Understanding Black Basta Ransomware
• Black Basta Ransomware Protection
• Black Basta Ransomware Attack Targets Ascension Healthcare
• Black Basta Ransomware Victim