blackbasta attacks Wenzel + Wenzel GmbH
Incident Date:
August 6, 2022
Overview
Title
blackbasta attacks Wenzel + Wenzel GmbH
Victim
Wenzel + Wenzel GmbH
Attacker
Blackbasta
Location
First Reported
August 6, 2022
Wenzel + Wenzel GmbH Suffers Ransomware Attack by Blackbasta
Company Overview
Wenzel + Wenzel GmbH, a distinguished construction firm with over six decades of history, is celebrated for its dedication to producing outstanding architecture under the principle that no project is too challenging to undertake. The company has contributed to several notable projects, such as the Badische Staatstheater and the Ulmer Wissenschaftsstadt SCIENCE PARK III, emphasizing sustainability and partnership with other architectural entities.
Vulnerabilities and Targeting
The precise vulnerabilities exploited in the ransomware attack by Blackbasta on Wenzel + Wenzel remain undisclosed. Typically, ransomware syndicates exploit gaps in cybersecurity defenses, including outdated software, unpatched systems, or insufficient password policies. It underscores the importance of maintaining comprehensive cybersecurity protocols to thwart such incursions.
Blackbasta's Attack
Blackbasta, a ransomware collective, has been operational since at least 2020, initially gaining attention with the deployment of Avaddon ransomware. The group employs a JavaScript dropper to deliver a .NET payload and is notorious for appending the .clop extension to files it encrypts, marking its distinct operational footprint.
The breach of Wenzel + Wenzel GmbH by Blackbasta underscores the persistent ransomware menace facing various sectors. It is imperative for enterprises to uphold vigilance and allocate resources towards comprehensive cybersecurity defenses to mitigate the risk of such assaults.
Sources
- Wenzel + Wenzel. (n.d.). Retrieved April 10, 2024, from https://www.wenzel-wenzel.com/de
- ResearchGate. (n.d.). STIX representation of Wannacry Ransomware. Retrieved April 10, 2024, from https://www.researchgate.net/figure/STIX-representation-of-Wannacry-Ransomware_fig2_329064578
- RansomLook. (n.d.). Groups profiles. Retrieved April 10, 2024, from https://www.ransomlook.io/groups
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.