Black Basta Ransomware Targets MGF Sourcing, Threatens Data Leak
Incident Date:
June 17, 2024
Overview
Title
Black Basta Ransomware Targets MGF Sourcing, Threatens Data Leak
Victim
MGF Sourcing
Attacker
Blackbasta
Location
First Reported
June 17, 2024
Ransomware Attack on MGF Sourcing by Black Basta Group
Company Profile: MGF Sourcing
MGF Sourcing, headquartered in Columbus, Ohio, is a prominent player in the global apparel and fashion industry, specializing in sourcing and supply chain management. With a workforce of approximately 459 employees and an annual revenue of $153.7 million, the company excels in providing comprehensive services ranging from product development to logistics. MGF Sourcing's extensive network across countries like China, Hong Kong, and India, among others, positions it as a critical link in the apparel retail sector, particularly for U.S.-based specialty retailers.
Details of the Ransomware Attack
The Black Basta ransomware group has claimed responsibility for a significant cyberattack on MGF Sourcing, alleging the theft of 500 GB of sensitive data, including HR records and financial information. The group has threatened to release the data unless negotiations are initiated within an eight-day deadline. This incident underscores the vulnerabilities even well-established firms face in the digital age.
About Black Basta Ransomware Group
Emerging in early 2022, Black Basta is known for its targeted attacks and double extortion tactics. The group's modus operandi includes spear-phishing, exploiting network vulnerabilities, and lateral movement facilitated by tools like QakBot and Mimikatz. Black Basta's approach not only disrupts operations but also poses a severe threat to data integrity and business continuity.
Potential Vulnerabilities and Attack Vectors
MGF Sourcing's extensive global network and reliance on digital technologies for supply chain management may have exposed it to increased cybersecurity risks. The integration of various IT systems across multiple geographic locations potentially opens up several attack vectors for groups like Black Basta. The company's significant data pools, from design specs to supplier contracts, present lucrative targets for cybercriminals looking to leverage stolen information for ransom.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.