blackbasta attacks Black Bros. Co.

Incident Date: May 10, 2022

Overview

Title: blackbasta attacks Black Bros. Co.
Victim: Black Bros. Co.
Attacker: Blackbasta
Location: Mendota, USA; Illinois, USA
First Reported: May 10, 2022

Black Bros. Co. Targeted by Black Basta Ransomware Group

Company Overview

Black Bros. Co., a manufacturer with a rich history since 1882, stands as a leader in the production of high-quality machinery known for its durability and efficiency. The company has established a global presence through its commitment to innovative engineering, comprehensive onsite testing, and exceptional customer service.

Attack Details

The Black Basta ransomware group, a Russian-speaking entity active since early 2022, has recently targeted Black Bros. Co. This group is notorious for its double extortion tactics, which involve encrypting the victim's data and then threatening to release it publicly unless a ransom is paid. Their focus on English-speaking countries hints at a potential political motive behind their operations.

Vulnerabilities

Black Basta's intrusions often begin with phishing emails containing malicious links. After gaining initial access, the group uses credentials bought on the dark web to move through the network, and deploys ransomware with the help of tools such as Qakbot, SystemBC, Mimikatz, Cobalt Strike, and Rclone.

Impact

While Black Bros. Co. has not officially disclosed the incident, the Black Basta group has publicly claimed responsibility for the attack on their dark web leak site, detailing the breach and the data compromised.

Mitigation Strategies

To defend against ransomware attacks, organizations are advised to adopt advanced endpoint security solutions, enforce a robust backup strategy, and conduct regular training for employees on recognizing phishing attempts and adhering to security best practices.

Sources

Recent Ransomware Attacks
