BlackBasta Ransomware Targets PDQ Airspares

Incident Date:

April 1, 2024

World map

Overview

Title

BlackBasta Ransomware Targets PDQ Airspares

Victim

Best Transportation

Attacker

Cactus

Location

Port Newark, USA

New Jersey, USA

First Reported

April 1, 2024

Best Transportation Ransomware Attack

Overview

Best Transportation, a drayage, intermodal, and transloading company operating in the Port of NY/NJ, has been targeted by the ransomware group Cactus. The company has been in operation since 1982 and is known for its superior and dependable service to customers.

Industry Standout

With its prime location in the Port of NY/NJ providing easy access to marine terminals, Best Transportation ensures fast container pick-up and delivery. The company also services the Ports of Philadelphia and Baltimore. It is a proud Smartway Partner since 2005 and owns, operates, and maintains one of the most modern fleets in the port, which drives with greater efficiency, reliability, and safety.

The company utilizes advanced GPS tracking and logistics software to ensure secure, on-time deliveries, with efficient, pre-approved routes, compliance with the latest industry regulations, and an expertly managed vehicle fleet.

Ransomware Attacks in the Transportation Sector

The transportation sector is highly vulnerable to ransomware attacks, as they can disrupt services and even endanger passengers. Ransomware attacks in the transportation industry have been increasing. The company's size and industry position make it a potential target for ransomware groups.

Cactus ransomware's tactics and techniques align with a sophisticated understanding of cyber threats. The group employs unique encryption techniques to avoid detection, using a batch script to obtain the encryptor binary using 7-Zip and then deploying the encryptor binary with an execution flag and removing the original ZIP archive.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.