blackbasta attacks SCHMIDT.Group

Incident Date:

July 6, 2022

World map



blackbasta attacks SCHMIDT.Group






Druffels Weg, Germany

Coesfeld, Germany

First Reported

July 6, 2022

SCHMIDT.Group: A Manufacturing Sector Victim of BlackBasta Ransomware Attack

Company Overview

SCHMIDT.Group is a leading, medium-sized, and sustainable business group that makes modern and high-quality offerings accessible to a wide audience. The company is known for its family-oriented approach and its commitment to making advanced solutions available to the general public.

Industry Standout

SCHMIDT.Group operates in the manufacturing sector, which is a significant target for ransomware attacks due to the potential for disrupting critical operations and causing financial losses. The manufacturing industry is also known for its reliance on technology and digital systems, making it a prime target for cybercriminals.


The ransomware attack on SCHMIDT.Group highlights the importance of cybersecurity in the manufacturing sector. The attack could have exploited unpatched vulnerabilities, compromised credentials, or other weaknesses in the company's systems. The 2022 Unit 42 Incident Response Report indicates that 48% of ransomware cases began with software vulnerabilities, and 32% of ransomware attacks experienced by survey respondents in the past year started with an exploited vulnerability.

Mitigation Strategies

To mitigate the risk of ransomware attacks, organizations should focus on understanding the attack surface, maintaining and patching technology infrastructures, and implementing platforms for endpoint detection and response (EDR), security orchestration, automation, and response (SOAR), and active attack surface management (ASM).

The ransomware attack on SCHMIDT.Group serves as a reminder of the importance of cybersecurity in the manufacturing sector. By understanding the attack surface, maintaining technology infrastructures, and implementing robust security measures, organizations can better protect themselves against ransomware attacks and other cyber threats.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.