December 5, 2024 at 05:55AM
BT is investigating a ransomware attack by the Black Basta group, which claims to have stolen 500 GB of sensitive data. The group threatens to leak the data unless a ransom is paid. BT affirmed that only specific elements of its Conferencing platform were affected, and services remain operational.
### Key Takeaways:
1. **Investigation Initiated**: BT (British Telecommunications) is conducting an investigation following a ransomware claim by the Black Basta group, which alleges the theft of approximately 500 GB of sensitive data from BT’s btci.com and btconferencing.com platforms.
2. **Data Exposed**: The ransomware group has threatened to leak the stolen data, which includes financial, corporate, and personal information, unless a ransom is paid within a week. They have released a sample of the stolen data, highlighting identification documents like passports.
3. **BT’s Response**:
   - The company has confirmed an attempted breach of its BT Conferencing platform but stated that the incident was limited to specific parts of the platform.
   - Affected servers were quickly taken offline, and live conferencing services remain operational without impact on other BT Group services.
   - BT is collaborating with law enforcement and regulatory bodies in their ongoing investigation.
4. **Ransomware Tactics**:
   - The Black Basta group has refined its social engineering techniques. They initiate attacks by subscribing target users to numerous mailing lists.
   - They follow up by contacting victims, posing as IT support, offering assistance with the deluge of emails and encouraging them to install remote management software (e.g., Quick Assist, TeamViewer).
   - This method allows attackers to deploy credential stealers and malware, including Zbot and DarkGate.
5. **Background on Black Basta**: Since its emergence in 2022, Black Basta has attacked hundreds of organizations and reportedly made over $100 million through ransom payments in the past year.
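
One way to detect the sequence described under Ransomware Tactics (a flood of mailing-list mail to one user, followed by that user launching a remote-support tool), as an added example that is not part of the original article. The thresholds, the event tuple layout, the executable names used for matching, and the assumption that mail recipients and endpoint users share one identifier are illustrative, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumed thresholds; tune them to your own mail baseline.
BURST_COUNT = 50                      # inbound messages to one recipient...
BURST_WINDOW = timedelta(minutes=30)  # ...within this sliding window
FOLLOWUP = timedelta(hours=4)         # remote tool launched this soon after a burst
REMOTE_TOOLS = {"quickassist.exe", "teamviewer.exe"}  # tools named in the article

def find_bursts(mail_events):
    """Return {recipient: time the burst threshold was first crossed}."""
    by_user, bursts = {}, {}
    for ts, rcpt in sorted(mail_events):
        window = by_user.setdefault(rcpt, [])
        window.append(ts)
        # Drop timestamps that have slid out of the window.
        while ts - window[0] > BURST_WINDOW:
            window.pop(0)
        if len(window) >= BURST_COUNT and rcpt not in bursts:
            bursts[rcpt] = ts
    return bursts

def correlate(mail_events, proc_events):
    """Flag remote-support tool launches by users who were just mail-bombed."""
    bursts = find_bursts(mail_events)
    alerts = []
    for ts, user, image in sorted(proc_events):
        start = bursts.get(user)
        if (image.lower() in REMOTE_TOOLS and start is not None
                and timedelta(0) <= ts - start <= FOLLOWUP):
            alerts.append((user, image, ts))
    return alerts

# Constructed sample data (not from the incident).
T0 = datetime(2024, 12, 2, 9, 0)
MAIL = [(T0 + timedelta(seconds=20 * i), "alice") for i in range(60)]
MAIL += [(T0 + timedelta(minutes=15 * i), "bob") for i in range(10)]
PROCS = [
    (T0 + timedelta(minutes=50), "alice", "QuickAssist.exe"),  # after a burst
    (T0 + timedelta(minutes=55), "bob", "TeamViewer.exe"),     # no burst
    (T0 + timedelta(minutes=58), "alice", "winword.exe"),      # not a remote tool
]

if __name__ == "__main__":
    for user, image, ts in correlate(MAIL, PROCS):
        print(f"ALERT {ts:%Y-%m-%d %H:%M} {user} ran {image} after mail burst")
```

In production the two inputs would come from mail gateway logs and endpoint process-creation telemetry; an alert here is a prompt to call the user back through a known-good channel.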