Black Basta's Ransomware Attack on Numotion: What You Need to Know

Incident Date:

April 9, 2024

World map

Overview

Title

Black Basta's Ransomware Attack on Numotion: What You Need to Know

Victim

Numotion

Attacker

Blackbasta

Location

Brentwoood, USA

Tennessee, USA

First Reported

April 9, 2024

Ransomware Attack on Numotion

Company Profile

Operating in the Healthcare Services sector, Numotion provides mobility solutions like wheelchairs and repair services. Renowned for its customer service focus and efforts to enhance the service and repair ecosystem, the company offers a range of mobility products, including power chairs, mobility scooters, lift chairs, and ramps.

Company Size and Industry Standing

A significant player in the global wheelchair market, Numotion holds notable market share. Strategic moves like acquisitions and partnerships, such as the acquisition by AEA in 2018 and the acquisition of Medline in 2023 for $1.4 billion, shows the growth and influence of the company.

Attack Details

In a cybercrime incident targeting Numotion, the attacker, known as BlackBasta, employed ransomware to compromise the victim's website. The attack resulted in the exfiltration of 2 TB of sensitive data, including HR, payroll, financial, legal, and user information. A sample of leaked data was provided, with a ransom deadline of April 14th, 2024.

Vulnerabilities and Targeting

Numotion's prominence in healthcare and critical infrastructure makes it a prime target for threat actors like Black Basta. Its focus on customer service and repair services may involve sensitive data susceptible to exploitation. Strategic acquisitions and partnerships could introduce network security vulnerabilities, increasing susceptibility to cyber threats.

A ransomware group targeting large organizations, including healthcare, Black Basta employs sophisticated tactics like double extortion. Associated with other threat actors like Conti and FIN7, BlackBasta poses a significant threat to organizations like Numotion.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.