Data Breach Alert: Active-PCB Solutions Ltd Targeted by Black Basta Ransomware Group

Incident Date:

May 5, 2024

Overview

Victim

Active-PCB Solutions Ltd

Attacker

Black Basta

Location

Reading, United Kingdom

First Reported

May 5, 2024

Ransomware Attack on Active-PCB Solutions Ltd by Black Basta

Company Profile: Active-PCB Solutions Ltd

Active-PCB Solutions Ltd, a prominent UK-based contract electronics manufacturer, specializes in PCB assembly for OEMs in the EMS market. Since its inception in 1997, the company has been recognized for its rapid, high-complexity assembly solutions for small to medium batch productions. Its services encompass complex surface mount, conventional through-hole, electro-mechanical assembly, and full product builds.

The company's technological capabilities range from handling components as small as 01005 to sophisticated QFP and BGA packages, and it supports large batch volumes with advanced technologies like flip-chip and Micro BGAs. Known for exceptional customer service and meticulous attention to detail, Active-PCB collaborates closely with clients to tailor solutions to specific needs and specifications.

Details of the Ransomware Attack

The cyberattack orchestrated by the ransomware group Black Basta targeted Active-PCB Solutions Ltd, leading to the exfiltration of approximately 750 GB of data. This data comprised a range of sensitive information including internal company documents, employee records, development data, and sales records. The attack not only encrypted the company's data but also threatened the integrity and confidentiality of critical business information.

Ransomware Group Profile

Emerging in early 2022, Black Basta quickly became a formidable name in the Ransomware-as-a-Service (RaaS) arena. The group is known for its double extortion tactics, which involve encrypting the victim's data and threatening to leak it unless a ransom is paid. Black Basta uses the XChaCha20 encryption algorithm and has been linked to other high-profile cybercriminal groups such as Conti and FIN7. The group predominantly targets large organizations within the construction and manufacturing sectors, focusing on English-speaking countries.

Potential Vulnerabilities and Attack Vectors

While specific details of the breach vector in Active-PCB's case are not publicly available, common entry points for such attacks include phishing, exploitation of unpatched software vulnerabilities, and compromised credentials. Given the sophistication of Black Basta, it is plausible that one of these methods was employed to gain initial access to Active-PCB's network.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous and the most financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.