blackbasta attacks MH Group

Incident Date:

June 21, 2022

World map

Overview

Title

blackbasta attacks MH Group

Victim

MH Group

Attacker

Blackbasta

Location

Roma, Spain

Cerdanyola, Spain

First Reported

June 21, 2022

MH Group Suffers Ransomware Attack by BlackBasta

MH Group, a company operating in the Energy, Utilities & Waste sector, has been targeted by the ransomware group BlackBasta. The attack was announced on the group's dark web leak site, and the victim's website is grupmh.com. MH Group is a Spanish company that provides energy solutions for industrial and domestic use, as well as for the tertiary sector, including industries, sports facilities, offices, public buildings, hotels, restaurants, and educational institutions.

The company has over 500 contracts for maintenance in the industrial and tertiary sectors and serves more than 50,000 homes each year. MH Group's services are designed to offer the best service by adapting to each type of client, and they have a presence in various sectors, including solar energy, heating, and cooling systems, and energy efficiency.

The vulnerabilities that led to the attack are not explicitly mentioned in the search results. However, it is known that ransomware groups often exploit unpatched vulnerabilities in software and hardware to gain access to systems. In the case of BlackBasta, they have been known to exploit Citrix vulnerabilities, such as CVE-2023-4966, which was first exploited in October 2023.

The ransomware attack on MH Group is part of a broader trend of cybercriminal activity targeting various sectors, including corporate America, where ransomware groups have carried out more than 1,400 attacks since January 2020, collecting tens of millions of dollars in ransom payments. The attack on MH Group underscores the need for organizations to improve their cybersecurity defenses and implement robust security protocols to protect against such threats.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.