The Black Basta ransomware group has allegedly breached the systems of PFC Brakes. The double extortion gang has claimed to have data belonging to the brake supplier of the NTT IndyCar series.
Cybersecurity researcher Dominic Alvieri tweeted about the incident. However, not much has been shared regarding the amount of data exfiltrated or any demand for a ransom.
The Cyber Express reached out to PFC Brakes; however, no response was received at the time of writing. Their websites pfc.parts and pfcbrakes.com were accessible at the time of writing.
In another tweet, the security expert noted that the ransomware group also targeted the Italian Acea Group SpA, as confirmed by the company. An attack on a company's network affects not only its own database but also those of the organizations it provides services to. Data breaches have collective implications for connected devices, including those of the clients or customers with which the affected system interacts.
Founded in 1984, US-based PFC Brakes is known to be one of the best manufacturers of brakes, with clientele including the Pro Mazda Championship, USF2000 Championship, and USF Juniors Championship.
Its client, the IndyCar Series, is North America’s highest class of regional open-wheel formula racing cars and among the fastest motorsports in the world.
Black Basta ransomware group
Black Basta is a relatively new ransomware group that was first identified in 2022. It gains access to systems mainly when targets open a malicious document delivered by email. The extracted file leads to the installation of information-stealing malware and a backdoor. An encrypted connection is then established to the group's command-and-control server to send the phished data.
The group has been found to use Rclone to exfiltrate data because it is a data-syncing tool that gives access to data from several devices.
The group’s tactics include impairing detection software on the systems and inhibiting system recovery, so that it can control the network and increase impact without being hindered.
Kroll experts also found that a huge repository of data was stolen within nearly an hour from SharePoint through some Microsoft 365 accounts.
Pointing to the growing cyber risk, Cyentia Institute highlighted that 98% of organizations across the globe connect with at least one breached third party. Based on the analysis of data from over 230,000 organizations, the startling finding speaks to the cumulative risk that surrounds third- and fourth-party vendors.