blackbasta attacks SHI
Incident Date:
September 7, 2022
Overview
Title
blackbasta attacks SHI
Victim
SHI
Attacker
Blackbasta
Location
First Reported
September 7, 2022
SHI International Hit by Blackbasta Ransomware Attack
Company Overview
SHI International is a global provider of IT services, including security, productivity, cloud, and infrastructure solutions. The company operates in the Business Services sector and has a significant presence in the IT industry, with a $12 billion revenue in 2021 and over 5,000 employees worldwide.
Industry Standout
SHI is known for its expertise in helping organizations select, deploy, and manage the right technologies for their needs. The company has a wide range of services, from hardware and software procurement to advanced licensing, data center configuration, IT asset management, and AI services.
Vulnerabilities
The attack on SHI highlights the increasing threat of ransomware attacks on large managed service providers (MSPs) and the need for robust cybersecurity measures. In the case of SHI, the attack occurred over the Fourth of July holiday weekend, and the company's website and email were taken offline for investigation and system integrity assessment.
Impact
The attack on SHI is significant due to the company's size and the potential impact on its customers. The incident serves as a reminder of the importance of maintaining strong cybersecurity defenses and the potential consequences of a successful ransomware attack.
Response
SHI has been working to restore its systems and has reassured customers that there is no evidence of customer data being exfiltrated during the attack. The company has also been liaising with federal bodies, including the FBI and CISA, as part of the ongoing investigation.
Sources
- SHI | Global Security, Productivity, Cloud and Infrastructure IT solutions provider
- SHI International Malware Attack: 5 Big Things To Know - CRN
- SHI Hit By 'Coordinated And Professional Malware Attack' - CRN
- IT services giant SHI hit by "professional malware attack"
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.