BlackBasta Ransomware Attack on Akdeniz Chemson: Data Breach Threat

Incident Date:

June 7, 2024

World map

Overview

Title

BlackBasta Ransomware Attack on Akdeniz Chemson: Data Breach Threat

Victim

Akdeniz Chemson

Attacker

Blackbasta

Location

İzmir, Turkey

, Turkey

First Reported

June 7, 2024

BlackBasta Ransomware Attack on Akdeniz Chemson

Overview of Akdeniz Chemson

Akdeniz Chemson, headquartered in Izmir, Turkey, is a global leader in the production and supply of polymer additives, particularly stabilizers for the PVC industry. The company, with 720 employees, specializes in developing chemical additives that enhance the properties and performance of polymers, ensuring the durability and stability of PVC products. Akdeniz Chemson's commitment to innovation and sustainability has solidified its position as a key player in the polymer additives market.

Details of the Attack

On June 8, 2024, at 12:10, the ransomware group BlackBasta executed a significant attack on Akdeniz Chemson. The group claims to have stolen over 500GB of sensitive data, including financial and HR information. They have issued a ransom demand with a deadline of June 13, 2024, threatening to release the stolen data if the ransom is not paid. This breach has caused substantial operational disruptions for Akdeniz Chemson, impacting its role as a key supplier in the global PVC and polymer industry.

About BlackBasta

BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is known for its double extortion tactics, encrypting victims' data and threatening to publish it on their dark web leak site. BlackBasta targets organizations in highly targeted attacks, often using spear-phishing campaigns, insider information, and buying network access to penetrate systems. The group has been linked to over 500 attacks worldwide, making up to $100 million in ransom payments.

Potential Vulnerabilities

Akdeniz Chemson's extensive global operations and significant data repositories make it a lucrative target for ransomware groups like BlackBasta. The company's reliance on digital infrastructure for manufacturing and R&D activities could have provided multiple entry points for the attackers. The use of advanced tools by BlackBasta, such as QakBot and Cobalt Strike Beacons, likely facilitated lateral movement and data exfiltration within Akdeniz Chemson's network.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.