BlackBasta Ransomware Strikes Driver Group Plc

Incident Date: June 6, 2024

Overview

Title: BlackBasta Ransomware Strikes Driver Group Plc

Victim: Driver Group Plc

Attacker: BlackBasta

Location: Rossendale, United Kingdom

First Reported: June 6, 2024

BlackBasta Ransomware Attack on Driver Group Plc

Overview of Driver Group Plc

Driver Group Plc is a United Kingdom-based global consultancy firm specializing in dispute avoidance and dispute resolution within the construction, engineering, and industrial sectors. With a workforce of 277 employees and a reported revenue of £42.63 million, the company offers a range of services including strategic commercial improvement, contract management, forensic delay analysis, and training seminars. Their expertise in managing and mitigating risks, resolving disputes, and ensuring project completion on time and within budget makes them a standout in their industry.

Details of the Ransomware Attack

Recently, Driver Group Plc fell victim to a ransomware attack executed by the BlackBasta group. The attack compromised 530GB of data, including corporate accounts, HR, finance records, personal user data, and confidential project information. The attack was publicly claimed on BlackBasta's dark web leak site, highlighting the group's use of double extortion tactics to pressure victims into paying the ransom.

About BlackBasta Ransomware Group

BlackBasta is a notorious ransomware operator that emerged in early 2022. The group is known for its targeted attacks on organizations across the US, UK, Canada, and other regions. Utilizing double extortion tactics, BlackBasta encrypts critical data and threatens to publish it if the ransom is not paid. The group employs sophisticated methods for initial access, including spear-phishing and buying network access, followed by lateral movement and credential harvesting using tools like QakBot and Mimikatz.

Penetration and Impact

BlackBasta likely penetrated Driver Group Plc's systems through a combination of phishing campaigns and exploiting vulnerabilities within the network. Once inside, the group disabled security tools, deleted shadow copies, and exfiltrated sensitive data before encrypting files. The attack underscores the vulnerabilities that even well-established firms like Driver Group Plc face from sophisticated ransomware operators.
