blackbasta attacks LokalTog
Incident Date:
July 6, 2022
Overview
Title
blackbasta attacks LokalTog
Victim
LokalTog
Attacker
Blackbasta
Location
First Reported
July 6, 2022
BlackBasta Ransomware Attack on LokalTog
Company Overview
LokalTog, described as "Danmark's største" (Denmark's largest), operates 335 kilometers of tracks through Sjælland and Lolland-Falster. The company's mission is to connect local communities and provide unique experiences for its customers.
Vulnerabilities and Targeting
The transportation sector is increasingly becoming a prime target for ransomware attacks, with 45% of cyber attacks in the sector being ransomware-related. The European Union Agency for Cybersecurity (ENISA) has highlighted ransomware as the predominant threat to the rail sector, also accounting for 45% of cyber attacks.
Impact of the Attack
The attack on LokalTog by the BlackBasta ransomware group is part of a broader pattern of attacks targeting the transportation sector. Between February and July 2022, BlackBasta and BlackByte targeted 81 victim organizations, including notable companies within the transportation sector such as Deutsche Windtechnik, The Groupe Laiteries Réunies, Jacob Becker, and RadiciGroup, as reported by eSentire.
Mitigation Strategies
To defend against ransomware attacks, organizations are advised to enhance their cybersecurity posture. This includes conducting regular software updates, providing employee training on cybersecurity awareness, and implementing comprehensive backup and recovery strategies.
Sources
- LokalTog. (n.d.). Lokal og Danmarks største. Retrieved April 10, 2024, from http://www.lokaltog.dk/
- RailTech.com. (2023, March 24). What cyber attack risks do the railways face? Retrieved April 10, 2024, from https://www.railtech.com/digitalisation/2023/03/24/what-cyber-attack-risks-do-the-railways-face/
- Infosecurity-Magazine. (2022, November 8). Conti Affiliates Black Basta, BlackByte Attack EU Critical Infrastructure. Retrieved April 10, 2024, from https://www.infosecurity-magazine.com/news/black-basta-blackbyte-attack-eu/
- ENISA. (2023). ENISA THREAT LANDSCAPE: transport sector. Retrieved April 10, 2024, from https://www.enisa.europa.eu/publications/enisa-transport-threat-landscape/%40%40download/fullReport
- RailJournal. (2023, March 22). EU cybersecurity agency reports on threat to rail. Retrieved April 10, 2024, from https://www.railjournal.com/technology/eu-cybersecurity-agency-reports-on-threat-to-rail/
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.