BlackBasta Ransomware Attack on Akdeniz Chemson: Data Breach Threat
Incident Date:
June 7, 2024
Overview
Title
BlackBasta Ransomware Attack on Akdeniz Chemson: Data Breach Threat
Victim
Akdeniz Chemson
Attacker
Blackbasta
Location
First Reported
June 7, 2024
BlackBasta Ransomware Attack on Akdeniz Chemson
Overview of Akdeniz Chemson
Akdeniz Chemson, headquartered in Izmir, Turkey, is a global leader in the production and supply of polymer additives, particularly stabilizers for the PVC industry. The company, with 720 employees, specializes in developing chemical additives that enhance the properties and performance of polymers, ensuring the durability and stability of PVC products. Akdeniz Chemson's commitment to innovation and sustainability has solidified its position as a key player in the polymer additives market.
Details of the Attack
On June 8, 2024, at 12:10, the ransomware group BlackBasta executed a significant attack on Akdeniz Chemson. The group claims to have stolen over 500GB of sensitive data, including financial and HR information. They have issued a ransom demand with a deadline of June 13, 2024, threatening to release the stolen data if the ransom is not paid. This breach has caused substantial operational disruptions for Akdeniz Chemson, impacting its role as a key supplier in the global PVC and polymer industry.
About BlackBasta
BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is known for its double extortion tactics, encrypting victims' data and threatening to publish it on their dark web leak site. BlackBasta targets organizations in highly targeted attacks, often using spear-phishing campaigns, insider information, and buying network access to penetrate systems. The group has been linked to over 500 attacks worldwide, making up to $100 million in ransom payments.
Potential Vulnerabilities
Akdeniz Chemson's extensive global operations and significant data repositories make it a lucrative target for ransomware groups like BlackBasta. The company's reliance on digital infrastructure for manufacturing and R&D activities could have provided multiple entry points for the attackers. The use of advanced tools by BlackBasta, such as QakBot and Cobalt Strike Beacons, likely facilitated lateral movement and data exfiltration within Akdeniz Chemson's network.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.