BlackBasta Ransomware Strikes Driver Group Plc
Incident Date: June 6, 2024
Overview
Title: BlackBasta Ransomware Strikes Driver Group Plc
Victim: Driver Group Plc.
Attacker: BlackBasta
Location:
First Reported: June 6, 2024
BlackBasta Ransomware Attack on Driver Group Plc
Overview of Driver Group Plc
Driver Group Plc is a United Kingdom-based global consultancy firm specializing in dispute avoidance and dispute resolution within the construction, engineering, and industrial sectors. With a workforce of 277 employees and a reported revenue of £42.63 million, the company offers a range of services including strategic commercial improvement, contract management, forensic delay analysis, and training seminars. Their expertise in managing and mitigating risks, resolving disputes, and ensuring project completion on time and within budget makes them a standout in their industry.
Details of the Ransomware Attack
Recently, Driver Group Plc fell victim to a ransomware attack executed by the BlackBasta group. The attack compromised 530GB of data, including corporate accounts, HR, finance records, personal user data, and confidential project information. The attack was publicly claimed on BlackBasta's dark web leak site, highlighting the group's use of double extortion tactics to pressure victims into paying the ransom.
About BlackBasta Ransomware Group
BlackBasta is a notorious ransomware operator that emerged in early 2022. The group is known for its targeted attacks on organizations across the US, UK, Canada, and other regions. Utilizing double extortion tactics, BlackBasta encrypts critical data and threatens to publish it if the ransom is not paid. The group employs sophisticated methods for initial access, including spear-phishing and buying network access, followed by lateral movement and credential harvesting using tools like QakBot and Mimikatz.
Penetration and Impact
BlackBasta likely penetrated Driver Group Plc's systems through a combination of phishing campaigns and exploiting vulnerabilities within the network. Once inside, the group disabled security tools, deleted shadow copies, and exfiltrated sensitive data before encrypting files. The attack underscores the vulnerabilities that even well-established firms like Driver Group Plc face from sophisticated ransomware operators.