Hanwha Azdel Faces Black Basta Ransomware Attack: Impact and Response

Incident Date:

April 19, 2024

World map



Hanwha Azdel Faces Black Basta Ransomware Attack: Impact and Response


Hanwha Azdel




Forest, USA

Virginia, USA

First Reported

April 19, 2024

Hanwha Azdel Targeted by Black Basta Ransomware Attack

Company Profile

Hanwha Azdel, Inc., a subsidiary of the South Korean conglomerate Hanwha, is a manufacturer based in Forest, Virginia, specializing in Glass Mat Thermoplastic (GMT) composite materials. Founded in 1986, the company has a significant presence in the automotive, recreational vehicle, large truck, and electrical enclosure industries. With 141 employees and an annual revenue of $16 million, Hanwha Azdel stands out for its commitment to innovation and sustainability in the plastics sector.

Attack Overview

The Black Basta ransomware group has claimed responsibility for a cyberattack on Hanwha Azdel, compromising the company's operational integrity by exfiltrating approximately 1 TB of sensitive data. This data includes internal company documents, contracts, agreements, and project drawings. The attack was executed with a sophistication that suggests a high level of planning and targeting, typical of Black Basta's modus operandi.

Vulnerabilities and Targeting

The choice of Hanwha Azdel as a target by Black Basta could be attributed to several factors. The company's significant role in the supply chain of several critical industries makes it a valuable target for ransomware attacks, which aim to disrupt operations and extract valuable corporate data. Additionally, the high volume of sensitive data handled by the company increases the potential payoff for cybercriminals in terms of ransom demands and the sale of stolen data.

Impact and Response

The ransomware attack has put significant pressure on Hanwha Azdel to secure its systems and manage the public relations fallout. The breach not only threatens the financial stability of the company due to potential ransom payments but also risks damaging its reputation with clients and partners. The deadline for the ransom payment has been set for April 26th, 2024, putting the company in a critical position to respond effectively.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.