blackbasta attacks LokalTog

Incident Date:

July 6, 2022

World map



blackbasta attacks LokalTog






Sejrsvej, Denmark

Holbæk, Denmark

First Reported

July 6, 2022

BlackBasta Ransomware Attack on LokalTog

Company Overview

LokalTog, described as "Danmark's største" (Denmark's largest), operates 335 kilometers of tracks through Sjælland and Lolland-Falster. The company's mission is to connect local communities and provide unique experiences for its customers.

Vulnerabilities and Targeting

The transportation sector is increasingly becoming a prime target for ransomware attacks, with 45% of cyber attacks in the sector being ransomware-related. The European Union Agency for Cybersecurity (ENISA) has highlighted ransomware as the predominant threat to the rail sector, also accounting for 45% of cyber attacks.

Impact of the Attack

The attack on LokalTog by the BlackBasta ransomware group is part of a broader pattern of attacks targeting the transportation sector. Between February and July 2022, BlackBasta and BlackByte targeted 81 victim organizations, including notable companies within the transportation sector such as Deutsche Windtechnik, The Groupe Laiteries Réunies, Jacob Becker, and RadiciGroup, as reported by eSentire.

Mitigation Strategies

To defend against ransomware attacks, organizations are advised to enhance their cybersecurity posture. This includes conducting regular software updates, providing employee training on cybersecurity awareness, and implementing comprehensive backup and recovery strategies.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.