blackbasta attacks Wenzel + Wenzel GmbH

Incident Date:

August 6, 2022

World map



blackbasta attacks Wenzel + Wenzel GmbH


Wenzel + Wenzel GmbH




Donaustraße, Germany

Karlsruhe, Germany

First Reported

August 6, 2022

Wenzel + Wenzel GmbH Suffers Ransomware Attack by Blackbasta

Company Overview

Wenzel + Wenzel GmbH, a distinguished construction firm with over six decades of history, is celebrated for its dedication to producing outstanding architecture under the principle that no project is too challenging to undertake. The company has contributed to several notable projects, such as the Badische Staatstheater and the Ulmer Wissenschaftsstadt SCIENCE PARK III, emphasizing sustainability and partnership with other architectural entities.

Vulnerabilities and Targeting

The precise vulnerabilities exploited in the ransomware attack by Blackbasta on Wenzel + Wenzel remain undisclosed. Typically, ransomware syndicates exploit gaps in cybersecurity defenses, including outdated software, unpatched systems, or insufficient password policies. It underscores the importance of maintaining comprehensive cybersecurity protocols to thwart such incursions.

Blackbasta's Attack

Blackbasta, a ransomware collective, has been operational since at least 2020, initially gaining attention with the deployment of Avaddon ransomware. The group employs a JavaScript dropper to deliver a .NET payload and is notorious for appending the .clop extension to files it encrypts, marking its distinct operational footprint.

The breach of Wenzel + Wenzel GmbH by Blackbasta underscores the persistent ransomware menace facing various sectors. It is imperative for enterprises to uphold vigilance and allocate resources towards comprehensive cybersecurity defenses to mitigate the risk of such assaults.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.