Black Basta Ransomware Attack on Talalay Global: Data Encryption and Disruption

Incident Date: June 7, 2024

Overview

Victim: Talalay Global

Attacker: Blackbasta

Location: Shelton, USA (Connecticut, USA)

First Reported: June 7, 2024

Ransomware Attack on Talalay Global by Black Basta

Overview of Talalay Global

Talalay Global, headquartered in Shelton, Connecticut, is a leading producer of high-quality latex sleep products, including mattresses, mattress toppers, and pillows. The company employs the unique Talalay process, which enhances the consistency and durability of its latex products. Known for their superior comfort, breathability, and hypoallergenic properties, Talalay Global's products are highly regarded in the bedding industry. The company emphasizes sustainability, sourcing latex from renewable rubber trees and minimizing waste and energy consumption.

Details of the Ransomware Attack

The ransomware group Black Basta executed a significant attack on Talalay Global, resulting in the encryption of 300GB of data. The compromised data included sensitive company information, HR records, payroll, accounting details, and personal information of users and employees. This cyberattack severely disrupted Talalay Global's production processes, impacting their operations.

About Black Basta

Black Basta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is believed to have connections to the defunct Conti threat actor group. Black Basta conducts highly targeted attacks on organizations and employs a double extortion tactic: it encrypts critical data and threatens to publish it if the ransom is not paid. The group uses sophisticated methods for initial access, lateral movement, and data exfiltration, including spear-phishing campaigns, credential harvesting tools, and command and control (C2) tools.

Penetration and Impact

Black Basta likely penetrated Talalay Global's systems through a combination of spear-phishing campaigns and the exploitation of vulnerabilities within the company's network. Once inside, the group used tools like QakBot and Mimikatz to move laterally and harvest credentials. The attack on Talalay Global underscores the vulnerabilities that manufacturing companies face, particularly those with extensive digital operations and sensitive data.
