Le Vian Jewelry Company Targeted in Ransomware Attack by BlackBasta

Incident Date:

May 20, 2024

World map

Overview

Title

Le Vian Jewelry Company Targeted in Ransomware Attack by BlackBasta

Victim

Le Vian

Attacker

Blackbasta

Location

Great Neck, USA

New York, USA

First Reported

May 20, 2024

Le Vian Jewelry Company Targeted in Ransomware Attack by BlackBasta

Victim Overview

Le Vian, a renowned family-owned jewelry company with a rich history dating back to the 15th century, has recently become the target of a ransomware attack by the cybercrime group BlackBasta. The company is known for its innovative designs, particularly in the use of natural fancy-color diamonds and gemstones, and is famous for popularizing the term "Chocolate Diamonds."

The company specializes in creating high-end jewelry pieces, including rings, necklaces, bracelets, and earrings. The company's commitment to quality, unique designs, and philanthropic efforts has set it apart in the jewelry industry.

Attack Overview

The ransomware attack on Le Vian occurred in May 2024, with BlackBasta managing to exfiltrate 800GB of data from the company's systems. This data included sensitive information related to the company's operations, as well as potentially personal data of employees and customers. The attack was discovered on May 21, 2024, highlighting the ongoing threats faced by organizations from sophisticated ransomware groups.

Ransomware Group: BlackBasta

BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is known for its targeted attacks on organizations in various countries, employing double extortion tactics to extort ransom payments from victims. BlackBasta has targeted over 500 organizations worldwide and has made significant financial gains from its ransomware operations.

Penetration and Vulnerabilities

The ransomware group distinguishes itself through its sophisticated tactics, including initial access through spear-phishing campaigns, insider information, and lateral movement within target networks. The group utilizes tools like QakBot and Cobalt Strike Beacons to maintain control over compromised systems and exfiltrate sensitive data before encrypting files. Le Vian's vulnerabilities may have included gaps in their cybersecurity defenses, allowing BlackBasta to infiltrate their systems and carry out the ransomware attack.

Sources:

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.