Black Basta Ransomware Group Attacks 4 New Targets

Miklos Zoltan

By Miklos Zoltan . 21 November 2023

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

The Black Basta ransomware group has just confirmed on their Telegram group that they’ve attacked four new targets.

  • The four new targets include Agrovi, Arena Products, Etude Villa Florek, and John Lilley & Gillie Ltd.
  • Black Basta is a RaaS (Ransomware-as-a-Service) operator that’s been active since 2022 and have more than 100 confirmed victims around the world
  • The four new victims haven’t made any official statements and we don’t know the extent of the damage incurred or whether they’ll pay the ransoms

Black Basta’s most common attack pattern involves a double extortion tactic where they encrypt the victim’s data and servers, and then threaten to publish the data unless the victim pays the ransom.

Here’s a summary of the four new targets:

  • Agrovi, a Denmark-based crop advisor for sustainable agriculture
  • Arena Products, a US custom packaging, design, and pooling company
  • Etude Villa Florek, a legal representative firm based in France
  • John Lilley & Gillie Ltd, a marine navigation equipment company

According to the hackers’ data leak site, they published all the data belonging to Etude Villa Florek already, with Arena Products and Agrovi having 3 more days to negotiate a ransom.

John Lilley & Gillie Ltd. is in an unclear position as of right now. None of their data has been published yet but neither do they have a deadline showcased on the leak site.

Image showing a description of John Lilley & Gillie Ltd, one of the four victims of Black Basta

This isn’t Black Basta’s first cyberattack, though, so it’s safe to say they aren’t using idle threats to scare their victims. They’ve been involved in some of the biggest data breaches in recent times.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Who Is Black Basta?

Black Basta is a pure ransomware group whose sole purpose is to extract valuable information and sell it or for intelligence gathering purposes.

They’ll use whatever means at their disposal to infiltrate a target, including spear phishing, lateral movement, custom-made malware, zero-day vulnerabilities, and more.

So far, they’ve launched more than 35 attacks against US-based companies, 10 against German ones, 6 against Canadian ones, and 4 in Switzerland, Italy, Austria, and Australia each.

They also have a data leak site where they post updates and threats to their victims, trying to convince them to accept the ransom.

Black Basta is targeting a wide range of industries and prefers high-profile targets like Adams Bank & trust, the North Carolina Housing Authority, and Twin Towers Trading.

As for the latest four targets – Agrovi, Arena Products, Etude Villa Florek, and John Lilley & Gillie Ltd – they appear to have been targeted for financial reasons.

Leave a Comment