December 5, 2024 at 06:17AM
BT Group confirmed an attempted attack by the Black Basta ransomware group on its BT Conferencing unit. The incident affected specific platform elements, which were quickly isolated, with no impact on live services. Black Basta claims to have stolen around 500 GB of outdated data, prompting an ongoing investigation.
### Key Takeaways:
1. **Incident Confirmation**: BT Group is dealing with a cybersecurity incident involving an attempted attack on its BT Conferencing business unit by the Black Basta ransomware group.
2. **Nature of the Attack**:
   - The attack specifically targeted BT Conferencing, located in Braintree, Massachusetts.
   - The company stated that the attack was confined to specific elements of the platform, which were quickly isolated and taken offline.
3. **Service Continuity**:
   - The affected servers do not support live BT Conferencing services, which remain fully operational.
   - No other BT Group or customer services have been impacted.
4. **Data Compromise**:
   - Black Basta claims to have stolen approximately 500 GB of data, including sensitive information related to finance, NDAs, employees, and identity documents. However, this data appears to be outdated.
5. **Ongoing Investigation**:
   - BT Group is actively investigating the incident and collaborating with regulatory and law enforcement bodies.
6. **Ransomware Group Profile**:
   - Black Basta is recognized as one of the leading ransomware groups, reportedly earning at least $100 million since its formation in April 2022.
   - The group has targeted over 500 organizations, including critical infrastructure entities and healthcare services.
7. **Previous Target Examples**:
   - Notable attacks linked to Black Basta include those on Southern Water, Ascension, Capita, and the Toronto Public Library.
8. **Awareness and Advisory**:
   - CISA has issued updated advisories regarding Black Basta’s methods and activity, highlighting the ongoing threat posed by the group.