Unveiling the Black Basta Ransomware Attack on The Lawrence Group
Incident Date:
April 27, 2024
Overview
Title
Unveiling the Black Basta Ransomware Attack on The Lawrence Group
Victim
The Lawrence Group
Attacker
Blackbasta
Location
First Reported
April 27, 2024
Ransomware Attack on The Lawrence Group by Black Basta
Overview of the Attack
The Lawrence Group, a prominent design and architecture firm based in St. Louis, Missouri, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group known as Black Basta. The attack resulted in the exfiltration of approximately 505 GB of sensitive data, including personal documents, user folders, driver licenses, passports, and detailed project files.
Company Profile
Founded in 1983, The Lawrence Group is a nationally recognized firm specializing in architecture, interior design, urban design, and planning. With a revenue of $25.7 million, the company employs over 150 professionals across offices in St. Louis, Dallas, and Charlotte. The firm is known for its commitment to sustainable and innovative design solutions, catering to sectors such as commercial, healthcare, higher education, and hospitality.
The attackers managed to infiltrate The Lawrence Group's network and deploy ransomware, leading to significant data encryption and theft. The stolen data was then partially leaked on Black Basta's dark web leak site as a pressure tactic to coerce the firm into paying a ransom.
Analysis of Black Basta's Modus Operandi
Black Basta is known for its double extortion tactics, which involve not only encrypting the victim's data but also threatening to release it publicly if the ransom is not paid. The group uses a sophisticated encryption algorithm, XChaCha20, and has connections with other notorious cybercriminal groups such as Conti and FIN7. This attack underscores the high level of threat posed by Black Basta to large organizations, particularly in the construction and design sectors.
Vulnerabilities and Industry Impact
The Lawrence Group's extensive digital footprint and significant data repositories made it an attractive target for Black Basta. The firm's high-profile projects and sensitive client data likely contributed to the group's decision to target them. This incident highlights the ongoing risks faced by companies in the architecture and design industry, where intellectual property and personal data are highly valued both commercially and in the cybercriminal underworld.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.