Ransomware Attack on Posi-Plus Technologies by Black Basta: Details and Impact

Incident Date:

July 15, 2024

World map

Overview

Title

Ransomware Attack on Posi-Plus Technologies by Black Basta: Details and Impact

Victim

Posi-Plus Technologies Inc

Attacker

Blackbasta

Location

Victoriaville, Canada

, Canada

First Reported

July 15, 2024

Ransomware Attack on Posi-Plus Technologies Inc. by Black Basta

Overview of Posi-Plus Technologies Inc.

Posi-Plus Technologies Inc., also known as Posi+, is a Canadian company headquartered in Victoriaville, Quebec. Founded in 1981, Posi+ specializes in the development and provision of innovative solutions for the construction and utility sectors. The company is renowned for its high-performance aerial devices, digger derricks, cable handlers, and cable placers for telecommunications. Posi+ employs between 51 and 200 people and has built a strong reputation for quality, innovation, and customer service.

Details of the Ransomware Attack

Posi-Plus Technologies Inc. recently fell victim to a ransomware attack orchestrated by the cybercriminal group Black Basta. The attack compromised approximately 350GB of data, including sensitive company information, confidential employee data, and financial records. This breach has raised significant concerns about data security and operational integrity within the company.

About Black Basta

Black Basta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is believed to have connections to the defunct Conti threat actor group. Black Basta targets organizations in highly targeted attacks, employing a double extortion tactic. They encrypt critical data and threaten to publish sensitive information on their public leak site if the ransom is not paid. The group has targeted over 500 organizations worldwide, making up to US$ 100 million in ransom payments from more than 90 victims.

Penetration and Attack Methods

Black Basta employs several strategies to gain initial access to target networks, including spear-phishing campaigns, insider information, and buying network access. Once inside a network, the group uses tools like QakBot, Mimikatz, and exploiting vulnerabilities to move laterally and harvest credentials. They maintain control over compromised systems using tools like Cobalt Strike Beacons and SystemBC. Before encrypting files, Black Basta disables security tools, deletes shadow copies, and exfiltrates sensitive data to maximize their leverage.

Vulnerabilities and Impact

Posi-Plus Technologies Inc.'s focus on innovation and customized solutions makes it a significant player in the construction and utility equipment industry. However, this also makes the company a lucrative target for threat actors like Black Basta. The attack on Posi+ highlights the vulnerabilities that even well-established companies face in the evolving landscape of cyber threats. The breach has not only compromised sensitive data but also posed a significant threat to the company's operational integrity and reputation.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.