blackbasta attacks ALRO

Incident Date:

October 20, 2022

World map



blackbasta attacks ALRO






Jackson, USA

Michigan, USA

First Reported

October 20, 2022

Alro Ransomware Attack by Blackbasta

Alro, a prominent metals and plastics service center, has recently fallen victim to a ransomware attack orchestrated by the Blackbasta group. This incident was disclosed on the group's dark web leak site, impacting Alro's online presence. Established in 1948, Alro has been a significant player in the manufacturing sector, boasting over 80 locations across 16 states and offering an extensive array of metals and plastics products and services.

Blackbasta, a ransomware group active since at least November 18, 2021, employs sophisticated encryption algorithms such as AES or ChaCha20 to lock down files. The group's operations, characterized by ransomware as a service (RaaS), have spanned various industries, with manufacturing among the targeted sectors.

The susceptibility of Alro to this cyber assault might stem from outdated security protocols or a successful phishing campaign. Ransomware syndicates frequently leverage known IT system vulnerabilities, underscoring the importance of diligent patching, updates, and maintenance as defensive measures.

This attack underscores a broader pattern of ransomware threats facing diverse industries, including manufacturing. Such incidents can precipitate considerable operational disruptions and financial repercussions. To counteract these risks, organizations are advised to adhere to cybersecurity best practices, including regular data backups, system patching, and comprehensive employee training.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.