Protecting Sensitive Data: Lessons from the Black Basta Ransomware Attack

Incident Date: May 5, 2024

Overview

Title: Protecting Sensitive Data: Lessons from the Black Basta Ransomware Attack

Victim: INTEGRATED DESIGN SOLUTIONS

Attacker: Blackbasta

Location: Troy, USA; Michigan, USA

First Reported: May 5, 2024

Ransomware Attack on Integrated Design Solutions by Black Basta

Company Profile

Integrated Design Solutions (IDS), located in Troy, Michigan, is a prominent architectural and engineering firm known for its multi-disciplinary approach across sectors including education, healthcare, and industrial markets. With a focus on inclusion, integration, and a culture of excellence and artistry, IDS stands out in the construction and design industry. The firm has not disclosed its exact number of employees or revenue, but it is actively expanding, offering positions in both Troy and Grand Rapids, Michigan.

Details of the Ransomware Attack

The Black Basta ransomware group has claimed responsibility for a cyber attack on Integrated Design Solutions, resulting in the exfiltration of approximately 500 GB of sensitive data. This data includes project details, CAD drawings, user information, and corporate data. The specifics of the ransom demand have not been disclosed publicly, but a sample of the data was leaked on the group's dark web site, indicating the seriousness of the breach.

Black Basta Ransomware Group

Black Basta emerged in early 2022 and is known for sophisticated ransomware attacks that primarily target large organizations. Using a double extortion tactic, the group encrypts the victim's data and threatens to publish it unless a ransom is paid. Black Basta uses the XChaCha20 encryption algorithm and has connections with other major cybercrime groups, which enhance its capabilities in executing targeted attacks.

Potential Vulnerabilities and Entry Points

The exact method of penetration used by Black Basta in this attack is not specified. Common entry points for such attacks include phishing, exploitation of unpatched systems, and compromised credentials. Given the nature of IDS's business, which involves handling large volumes of sensitive data, it is essential for companies like it to uphold strong cybersecurity protocols to counteract these threats effectively.
