Black Basta Ransomware Targets Amper S.A., Steals 650GB of Data

Incident Date:

June 17, 2024

World map

Overview

Title

Black Basta Ransomware Targets Amper S.A., Steals 650GB of Data

Victim

Amper S.A.

Attacker

Blackbasta

Location

Pozuelo de Alarcón, Spain

, Spain

First Reported

June 17, 2024

Analysis of the Black Basta Ransomware Attack on Amper S.A.

Company Profile: Amper S.A.

Amper S.A., a prominent Spanish technology firm, specializes in telecommunications, defense, and industrial automation. With a workforce exceeding 1,000 employees and a 2022 revenue of €270 million, Amper stands out in its industry due to its extensive involvement in advanced technological solutions and services. The company's operations span across Spain, the United States, Latin America, and the South Pacific, emphasizing network infrastructure, cybersecurity, and digital transformation solutions.

Vulnerabilities and Target Appeal

Amper's extensive data repositories and integral role in critical infrastructure make it an attractive target for cybercriminals. The company's vast array of sensitive information, including military and telecommunications data, presents significant risks if exposed or compromised.

Attack Overview

On June 6, the Black Basta group initiated a ransomware attack against Amper S.A. through a phishing scheme directed at an employee's computer. This breach led to the unauthorized access and theft of approximately 650 gigabytes of critical data, encompassing R&D projects, personal information, and various administrative records. Despite the extensive data compromise, Amper maintained that the attack did not impact critical systems or disrupt key operations.

Ransomware Group: Black Basta

Black Basta, known for its sophisticated ransomware operations, distinguishes itself through targeted attacks, often employing double extortion tactics. This group, emerging from the remnants of the Conti group, has demonstrated capabilities in executing high-profile breaches, leveraging methods such as spear-phishing, exploitation of vulnerabilities, and advanced malware deployment to infiltrate and control victim networks.

Method of Penetration

The initial breach was facilitated through a phishing email, a common yet effective entry tactic used by Black Basta. This method underscores the importance of robust cybersecurity training and awareness among employees as a critical defense layer against such attacks.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.