Ransomware Attack on Lactanet by Black Basta

Incident Date:

May 20, 2024

World map

Overview

Title

Ransomware Attack on Lactanet by Black Basta

Victim

Lactanet

Attacker

Blackbasta

Location

Guelph, Canada

, Canada

First Reported

May 20, 2024

Ransomware Attack on Lactanet by Black Basta

Victim Overview

Lactanet, a Canadian company founded in 2008, specializes in dairy herd management services, genetic testing, and data analysis for dairy farmers. With a workforce of 288 employees, Lactanet serves over 10,000 dairy farm customers and professional advisors across Canada. The company has received industry recognition, including the "Industry Distinction Award" from the Canadian Dairy Network in 2008.

Attack Overview

Black Basta, a ransomware group that emerged in early 2022, targeted Lactanet in a recent cyberattack. The attackers exfiltrated 520 GB of data, comprising corporate information, employee data, user data, and lab data. A sample of the stolen data has been leaked, while the specific ransom demand remains undisclosed.

Ransomware Group Profile

Black Basta is known for its targeted attacks on organizations in various countries, including the US, Japan, Canada, the UK, Australia, and New Zealand. The group employs a double extortion tactic, encrypting critical data and threatening to publish sensitive information on their leak site if the ransom is not paid. Black Basta has targeted over 500 organizations globally and has made significant ransom payments since its inception.

Attack Vector

The ransomware group likely gained initial access to Lactanet's network through tactics such as spear-phishing campaigns, insider information, or purchasing network access. Once inside, the group utilized tools like QakBot and Mimikatz for lateral movement and credential harvesting. By using command and control tools like Cobalt Strike Beacons, Black Basta maintained control over compromised systems, exfiltrated data, and encrypted files to maximize leverage.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.