BlackBasta Ransomware Attack on The Robson Companies, Inc. - Data Breach and Impact
Incident Date:
June 7, 2024
Overview
Title
BlackBasta Ransomware Attack on The Robson Companies, Inc. - Data Breach and Impact
Victim
The Robson Companies, Inc.
Attacker
Blackbasta
Location
First Reported
June 7, 2024
BlackBasta Ransomware Attack on The Robson Companies, Inc.
Overview of The Robson Companies, Inc.
The Robson Companies, Inc. is a real estate development firm specializing in luxury 55+ active adult retirement communities. With over five decades of experience, the company has established itself as a leader in creating high-end homes combined with world-class resort amenities. Headquartered in Broken Arrow, Oklahoma, the company operates with a relatively small team of 11-50 employees. Despite its size, The Robson Companies has developed communities across several states, making it a well-established player in the real estate development sector.
Details of the Ransomware Attack
In a targeted attack, the ransomware group BlackBasta compromised 6009 bytes of sensitive data from The Robson Companies, Inc. The stolen information included HR, Accounting, and Payroll records, as well as personal documents of employees such as tax forms, passport scans, driver's licenses, IDs, and Social Security numbers. Client data was also compromised. The breach affected several critical folders, including "OLD DATA 10-2020," "ACC PAYABLE," "ACC Reports," and "Audit Work Papers."
About BlackBasta
Emerging in early 2022, BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) group. The group is believed to have connections to the defunct Conti threat actor group. BlackBasta is known for its double extortion tactics, encrypting critical data and threatening to publish it if the ransom is not paid. The group targets organizations in the US, Japan, Canada, the UK, Australia, and New Zealand, focusing on highly targeted attacks rather than a broad approach.
Penetration and Impact
To gain initial access to target networks, BlackBasta employs various strategies, including spear-phishing campaigns, insider information, and buying network access. Once inside, they use tools like QakBot and Mimikatz for lateral movement and credential harvesting. The attack on The Robson Companies significantly impacted their business operations, compromising critical data and potentially exposing sensitive information of both employees and clients.
Sources
- Robson Resort Communities
- Bloomberg - The Robson Companies, Inc.
- RocketReach - The Robson Companies, Inc.
- Dun & Bradstreet - The Robson Companies, Inc.
- LinkedIn - The Robson Companies, Inc.
- BlackBerry - BlackBasta
- Flashpoint - Understanding BlackBasta Ransomware
- Sangfor - BlackBasta Ransomware Attack
- Exponential-e - BlackBasta Ransomware Group
- InfoSecurity Magazine - BlackBasta Ransomware Victim
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.