SUMMARY
- BT Group Ransomware Attack: British telecom giant BT Group’s Conferencing division was hit by a ransomware attack by Black Basta, leading to certain servers being taken offline.
- Stolen Data: Black Basta claims to have stolen 500 GB of sensitive data, including financial, corporate, and personal information, and threatened to leak it unless a ransom is paid.
- Company Response: BT Group stated the attack was confined to specific parts of its Conferencing platform, with core services unaffected, and is working with authorities to investigate.
- Black Basta’s Methods: The group uses advanced tactics like email bombing and social engineering through platforms like Microsoft Teams to gain initial access.
- Global Ransomware Threat: Black Basta has targeted over 500 organizations, affecting critical infrastructure sectors, emphasizing the need for robust cybersecurity measures.
Days after the ransomware attacks on the NHS Hospitals in the United Kingdom, British telecommunications giant BT Group has fallen victim to a ransomware attack launched by the notorious Black Basta gang. The attack specifically targeted the company’s Conferencing business division, forcing the company to take certain servers offline as a precautionary measure.
While BT Group has downplayed the severity of the attack, claiming limited impact on its services and customer data, Black Basta paints a far more alarming picture. The ransomware gang asserts that it successfully stole a staggering 500 gigabytes of sensitive information. As evidence, the group has released screenshots of stolen documents and folder listings.
The threat actors added BT’s btci.com and btconferencing.com domains to their data leak site, threatening to publicly release the stolen information, which includes financial, corporate, and even personal data such as passport copies, unless a ransom is paid. However, the exact amount of the ransom has not been disclosed.
BT Group has confirmed to Hackread.com that it is actively investigating the incident and cooperating with relevant authorities. The company has emphasized that the attack was confined to specific elements of the Conferencing platform and that core services remain operational.
“We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated.”
“We’re continuing to actively investigate all aspects of this incident, and we’re working with the relevant regulatory and law enforcement bodies as part of our response,” BT Group’s spokesperson stated.
Black Basta has targeted over 500 organizations globally in the past two years, hitting 12 out of 16 critical infrastructure sectors, with victims including Ascension Healthcare, Hyundai Europe, Capita, Yellow Pages Canada, and Dish.
The group, a ransomware-as-a-service (RaaS) variant that emerged in 2022 after the Russian invasion of Ukraine and the downfall of Conti, has had significant impacts on the global economy, according to the FBI and CISA’s advisory titled “#StopRansomware: Black Basta.”
Research reveals that Black Basta has been refining its social engineering methods. The group often initiates attacks by bombarding victims with emails from various mailing lists, creating a sense of urgency and confusion.
“Recent techniques include email bombing—a tactic used to send a large volume of spam emails—to aid social engineering over Microsoft Teams and trick victim end users into providing initial access via remote monitoring and management (RMM) tools,” CISA’s updated advisory revealed.
This social engineering ploy often leads victims to grant remote access to their devices, allowing the hackers to deploy malware and steal sensitive information.
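The sequence described above (a mail flood, then contact over Microsoft Teams, then an RMM tool launch) can be correlated per user on the defender's side. The following is an added example, not code from the article or the CISA advisory; the event tuple format, the thresholds, and the RMM watch list are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds and watch list (not from the article); tune per environment.
BOMB_MIN_MAILS = 30                    # inbound mails to one mailbox ...
BOMB_WINDOW = timedelta(minutes=10)    # ... inside this sliding window
FOLLOWUP = timedelta(hours=2)          # max gap between consecutive stages
RMM_WATCHLIST = {"anydesk.exe", "quickassist.exe"}  # illustrative names

def burst_time(times):
    """Time at which a mailbox first hits BOMB_MIN_MAILS within BOMB_WINDOW, else None."""
    times, lo = sorted(times), 0
    for hi, t in enumerate(times):
        while t - times[lo] > BOMB_WINDOW:
            lo += 1
        if hi - lo + 1 >= BOMB_MIN_MAILS:
            return t
    return None

def first_after(items, start, match=lambda d: True):
    """Earliest timestamp in [start, start + FOLLOWUP] whose detail matches."""
    hits = [ts for ts, d in items if start <= ts <= start + FOLLOWUP and match(d)]
    return min(hits, default=None)

def correlate(events):
    """events: (timestamp, user, kind, detail); kind is mail, teams_external or process."""
    by_user = defaultdict(lambda: defaultdict(list))
    for ts, user, kind, detail in events:
        by_user[user][kind].append((ts, detail))
    alerts = {}
    for user, kinds in by_user.items():
        burst = burst_time(ts for ts, _ in kinds["mail"])
        # A Teams chat or RMM launch without a preceding mail flood is not this pattern.
        chat = burst and first_after(kinds["teams_external"], burst)
        if not chat:
            continue
        rmm = first_after(kinds["process"], chat, lambda d: d.lower() in RMM_WATCHLIST)
        alerts[user] = "high" if rmm else "medium"
    return alerts

def sample_events():
    """Constructed events: alice sees all three stages, carol no RMM, bob only an RMM launch."""
    t0, ev = datetime(2024, 1, 1, 9, 0), []
    for user in ("alice", "carol"):
        ev += [(t0 + timedelta(seconds=10 * i), user, "mail", f"list{i}@news.example") for i in range(40)]
        ev.append((t0 + timedelta(minutes=20), user, "teams_external", "helpdesk@other-tenant.example"))
    ev.append((t0 + timedelta(minutes=31), "alice", "process", "AnyDesk.exe"))
    ev += [(t0 + timedelta(minutes=5), "bob", "mail", "colleague@corp.example"),
           (t0 + timedelta(minutes=40), "bob", "process", "quickassist.exe")]
    return ev
```

Calling `correlate(sample_events())` flags alice as high (all three stages in order) and carol as medium (flood plus external chat), while bob's lone RMM launch is left to whatever baseline RMM policy applies.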
The incident reminds us that ransomware attacks remain a consistent threat, even for large, well-resourced organizations. Therefore, businesses must invest in advanced cybersecurity measures to protect sensitive data and maintain business continuity.