blackbasta attacks AMPORTS
Incident Date: October 12, 2022
Overview
Title: blackbasta attacks AMPORTS
Victim: AMPORTS
Attacker: Blackbasta
Location:
First Reported: October 12, 2022
AMPORTS Suffers Ransomware Attack by BlackBasta
On April 4, 2024, the ransomware group BlackBasta claimed responsibility for an attack on AMPORTS, a prominent player in the transportation sector. AMPORTS is recognized for its global automotive services and port terminal operations, emphasizing quality, safety, operational excellence, and customer satisfaction. The organization is committed to Environmental, Social, and Governance (ESG) policies, underscoring environmental responsibility, social accountability, and strong governance. Specializing in electric vehicle (EV) services, AMPORTS focuses on software updates, customizations, and charging infrastructure.
Despite its significant presence in multiple locations, including Benicia, Freeport, Jacksonville, Baltimore Dundalk, and Baltimore Atlantic, specific details regarding AMPORTS's size and cybersecurity measures remain undisclosed. This lack of information raises questions about the company's vulnerabilities and preparedness against cyber threats.
BlackBasta Ransomware Group
Active since at least October 12, 2022, BlackBasta is known for its sophisticated ransomware attacks. The group employs a JavaScript dropper to deploy a .NET payload, facilitating execution across Windows, Linux-based systems, and VMware ESXi. BlackBasta's capabilities include file encryption using AES or ChaCha20 algorithms, deletion of volume shadow copies, and the ability to halt processes, services, and virtual machines on ESXi servers.
Broader Implications of the Attack
The incident at AMPORTS is indicative of a larger pattern of ransomware attacks targeting diverse sectors, including manufacturing, communications, healthcare, and public health. In response, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued joint cybersecurity advisories. These advisories aim to bolster organizational defenses against ransomware, highlighting specific vulnerabilities such as CVE-2023-4966, which impacts Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.
AMPORTS's experience underscores the critical need for transparency and robust cybersecurity measures within organizations. As ransomware groups like BlackBasta continue to pose significant threats, adherence to cybersecurity advisories and proactive defense strategies become paramount for safeguarding against such attacks.
Sources
- Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) joint cybersecurity advisories. URL: https://www.cisa.gov/uscert/ncas/alerts
- Details on CVE-2023-4966 can be found at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4966