Black Basta attacks Blount Fine Foods

Incident Date:

July 1, 2023

World map



Black Basta attacks Blount Fine Foods


Blount Fine Foods




Fall River, USA

Massacheusets, USA

First Reported

July 1, 2023

The Black Basta Ransomware Attack on Blount Fine Foods

The Black Basta ransomware gang has attacked Blount Fine Foods. Blount Fine Foods, previously known as Blount Seafood, is a company that specializes in the production of prepared foods and soups. They manufacture a variety of frozen and fresh soups under their own Blount brand, as well as for well-known brands like Panera Bread and Legal Sea Foods. The company is based in Fall River, Massachusetts, and operates a production facility in Warren, Rhode Island.

Black Basta posted Blount Fine Foods to its data leak site on July 1st, publishing 8% of allegedly stolen data. The ransomware gang has not disclosed any further details.

Who is Black Basta?

Black Basta is a more recent RaaS (Ransomware-as-a-Service) player that first emerged in early 2022 and is assessed by some researchers to be a revival of the Conti and REvil attack groups. Black Basta continues to evolve their RaaS platform, with ransomware payloads that can infect systems running both Windows and Linux systems by exploiting vulnerabilities in VMware ESXi running on enterprise servers and uses both ChaCha20 and RSA-4096 for rapid encryption of the targeted network and, in some cases, leverages malware strains like Qakbot and exploits like PrintNightmare during the infection process.

Black Basta typically targets manufacturing, transportation, construction and related services, telecommunications, the automotive sector, and more.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.