BT Group Affected by Ransomware Breach by Black Basta Gang
Published on December 5, 2024
- Over 500GB of BT Group’s sensitive data is now in the hands of Black Basta.
- BT Group claims this incident was an attempt to compromise its conferencing platform.
- Black Basta threatens to publish the stolen data next week.
BT Group (formerly known as British Telecom), one of Britain’s largest companies, is the latest target of the Black Basta ransomware gang. The company confirmed to Recorded Future News “an attempt to compromise” its conferencing platform without affecting the operations of the BT Conferencing platform. However, some servers were taken offline and isolated.
According to the company’s spokesperson, this incident was promptly identified, and specific platform elements were affected. In other words, BT Group claims that the attack was isolated, but there are indications that the Black Basta group now possesses highly sensitive documents.
The group’s Dark Web leak site claims that over 500GB of data, including financial and organizational data, user data and personal documents, NDA documents, confidential information, and more, was stolen from BT Group. To support its claims, the group provided folder listings and multiple screenshots.
The leak site also has a countdown timer, giving BT Group around seven days to prevent the files from being leaked by paying a ransom. Therefore, it all points to a serious breach rather than just an attempt, as BT Group claims.
BT Group is one of the largest companies in Great Britain, employing more than 100,000 individuals globally. It is the country’s leading fixed and mobile telecom provider. However, it also provides managed telecommunications, security, and network infrastructure services to customers in 180 countries. In 2023, the company recorded revenues of over $24.5 billion.
The Black Basta is a ransomware-as-a-service (RaaS) operation that first surfaced in April of 2022 when over a dozen companies were attacked in just a few weeks. Not much is known about the group, but cyber-security experts believe it’s not a new operation. Instead, it could be a rebrand of another top-tier ransomware gang, Conti, known for its sophisticated and damaging attacks.
Throughout 2021, the Conti group exploited numerous business organizations, prompting the FBI and CISA to publish an alert.
Related
Most Popular
Most Popular