
The BlackBasta ransomware group claims on the Dark Web that it has breached major polymer additive and market-leading PVC stabiliser product company Akdeniz Chemson. The group claims to have stolen more than 500GB of financial and HR data and has given until 13 June 2024 for a ransom to be paid, or the data will be released.
Sadly, it's another day, and another breach. Cybersecurity expert and Dark Web watcher Caity Randall has picked up the activity of the BlackBasta ransomware group, who claim over the Dark Web they have penetrated the defences of Akdeniz Chemson, a major worldwide producer of PVC and polymer products. The company began life in England and is now headquartered in Izmir, Turkey. It has production plants in Eastern Creek, Sydney, Australia, as well as in Germany, and other locations.
Randall, the founder and director of Sustainabil.IT and a CFSI senior fellow for ANZ, showed iTWire proof of the group's claims.
BlackBasta claims to have taken more than 500GB of private data from Akdeniz Chemson, including corporate data, personal user data, and information from the finance and HR departments, as well as other departments. The group alleges it has issued Akdeniz Chemson a ransom demand, with a deadline of 13 June 2024. If the ransom is not paid, BlackBasta states it will release the data.
This breach follows news of Panasonic's alleged breach by a different ransomware group, Akira, only the day before. Panasonic Australia confirmed to iTWire a cybersecurity incident had occurred, but states there is no evidence any data has been taken at all.
At the time of writing, Akdeniz Chemson has not made any official comment on BlackBasta's claims. iTWire will continue to advise as developments occur.
"BlackBasta is a notorious ransomware group that operates using a Ransomware-as-a-Service (RaaS) model, often employing a 'spray and prey' approach. They typically leverage insider threat intelligence, phishing campaigns, and OSINT information scraping to gain access to Windows domain credentials. Once they infiltrate a network, they deploy their ransomware, exfiltrate sensitive data, and issue ransom demands," Randall explained.
Randall says there are ways to combat BlackBasta, and groups like it:
- implement a strong Extended Detection and Response (XDR) and Managed Detection and Response (MDR) solution to provide comprehensive visibility and rapid response capabilities to detect and mitigate threats early
- implement robust Identity and Access Management (IAM) controls to limit lateral movement within the network, and make it harder for attackers to escalate privileges
- microsegment the network into smaller, isolated sections, to contain breaches and prevent them from spreading
- regularly review network controls and configure them to detect Indicators of Compromise (IoCs)
"As threats evolve, so must our strategies to counter them," she said.