Black Basta Ransomware Targets MGF Sourcing, Threatens Data Leak

Incident Date:

June 17, 2024

World map

Overview

Title

Black Basta Ransomware Targets MGF Sourcing, Threatens Data Leak

Victim

MGF Sourcing

Attacker

Blackbasta

Location

Columbus, USA

Ohio, USA

First Reported

June 17, 2024

Ransomware Attack on MGF Sourcing by Black Basta Group

Company Profile: MGF Sourcing

MGF Sourcing, headquartered in Columbus, Ohio, is a prominent player in the global apparel and fashion industry, specializing in sourcing and supply chain management. With a workforce of approximately 459 employees and an annual revenue of $153.7 million, the company excels in providing comprehensive services ranging from product development to logistics. MGF Sourcing's extensive network across countries like China, Hong Kong, and India, among others, positions it as a critical link in the apparel retail sector, particularly for U.S.-based specialty retailers.

Details of the Ransomware Attack

The Black Basta ransomware group has claimed responsibility for a significant cyberattack on MGF Sourcing, alleging the theft of 500 GB of sensitive data, including HR records and financial information. The group has threatened to release the data unless negotiations are initiated within an eight-day deadline. This incident underscores the vulnerabilities even well-established firms face in the digital age.

About Black Basta Ransomware Group

Emerging in early 2022, Black Basta is known for its targeted attacks and double extortion tactics. The group's modus operandi includes spear-phishing, exploiting network vulnerabilities, and lateral movement facilitated by tools like QakBot and Mimikatz. Black Basta's approach not only disrupts operations but also poses a severe threat to data integrity and business continuity.

Potential Vulnerabilities and Attack Vectors

MGF Sourcing's extensive global network and reliance on digital technologies for supply chain management may have exposed it to increased cybersecurity risks. The integration of various IT systems across multiple geographic locations potentially opens up several attack vectors for groups like Black Basta. The company's significant data pools, from design specs to supplier contracts, present lucrative targets for cybercriminals looking to leverage stolen information for ransom.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.