blackbasta attacks SHI

Incident Date:

September 7, 2022

World map



blackbasta attacks SHI






Segundo, USA

California, USA

First Reported

September 7, 2022

SHI International Hit by Blackbasta Ransomware Attack

Company Overview

SHI International is a global provider of IT services, including security, productivity, cloud, and infrastructure solutions. The company operates in the Business Services sector and has a significant presence in the IT industry, with a $12 billion revenue in 2021 and over 5,000 employees worldwide.

Industry Standout

SHI is known for its expertise in helping organizations select, deploy, and manage the right technologies for their needs. The company has a wide range of services, from hardware and software procurement to advanced licensing, data center configuration, IT asset management, and AI services.


The attack on SHI highlights the increasing threat of ransomware attacks on large managed service providers (MSPs) and the need for robust cybersecurity measures. In the case of SHI, the attack occurred over the Fourth of July holiday weekend, and the company's website and email were taken offline for investigation and system integrity assessment.


The attack on SHI is significant due to the company's size and the potential impact on its customers. The incident serves as a reminder of the importance of maintaining strong cybersecurity defenses and the potential consequences of a successful ransomware attack.


SHI has been working to restore its systems and has reassured customers that there is no evidence of customer data being exfiltrated during the attack. The company has also been liaising with federal bodies, including the FBI and CISA, as part of the ongoing investigation.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.