Keytronic Cyberattack by Blackbasta Ransomware

Incident Date:

May 31, 2024

World map

Overview

Title

Keytronic Cyberattack by Blackbasta Ransomware

Victim

Keytronic

Attacker

Blackbasta

Location

Spokane Valley, USA

Washington, USA

First Reported

May 31, 2024

Blackbasta Ransomware Attack on Keytronic

Keytronic Overview

Key Tronic Corporation, commonly known as Keytronic, is a leading contract manufacturer specializing in PCB assembly, plastic molding, and full product assembly. Employing approximately 5,447 full-time staff, Keytronic provides integrated electronic and mechanical engineering services, sourcing and procurement, logistics, and new product testing. The company reported total revenue of $518.7 million for fiscal year 2021, highlighting its robust presence in the technology sector.

Keytronic's Standout Features

Distinguished by its unique blend of high-caliber design, engineering, and manufacturing services, Keytronic excels in the industry. The company's flexibility and responsiveness to customer needs have positioned it as a leader in delivering tailored solutions across various industries.

Keytronic's Vulnerabilities

As a prominent contract manufacturer in the technology sector, Keytronic’s extensive capabilities in product design, assembly, and sourcing make it an attractive target for threat actors like the Blackbasta ransomware group. The company’s global footprint, with facilities in multiple countries, poses challenges in maintaining a unified security posture across its operations.

Blackbasta Ransomware Group

Black Basta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. Targeting organizations worldwide, the group employs highly targeted attacks and utilizes double extortion tactics to extort ransom payments from victims. Black Basta has a history of targeting critical infrastructure sectors and has achieved significant financial gains through ransom payments.

Attack Overview

In May 2024, Key Tronic Corporation detected unauthorized access to its IT systems by the Blackbasta ransomware group. The company promptly initiated a cyber incident response, involving external cybersecurity experts and law enforcement. Although the incident disrupted various business applications, the unauthorized activity has been contained. Keytronic does not anticipate a material effect on its financial condition or operations and is working diligently to restore affected systems.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.