• Home
  • News
  • BlackBasta Ransomware Attacks US-Based Sipi Metals Corp

BlackBasta Ransomware Attacks US-Based Sipi Metals Corp

Miklos Zoltan

By Miklos Zoltan . 27 January 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

BlackBasta posted evidence of a recent ransomware attack, whose victim appears to be Sipi Metals Corp, located in the US. This is a high-profile corporation working in the refining and recycling field with over 100 years of experience and global reach.

  • Not much is known about the attack, aside from the general details
  • Sipi Metals Corp didn’t comment on the situation, but it is presumed that they are in negotiations with the attacker
  • BlackBasta is a well-established ransomware actor dating back to early 2022, when it first came public
  • Despite a slow start in the first several weeks, BlackBasta soon blew up, racking up more than 100 victims within several months

The organization is notorious for its aggressive negotiation tactics and subtle infiltration MO. Unlike other ransomware organizations, BlackBasta prefers surgical operations, rather than spray-and-pray tactics. This means they premeditate their hits carefully.

This approach leads BlackBasta to target high-profile public institutions and corporations, looking to maximize its gains and gain access to sensible data. The more sensible the data is, the higher the potential ransom.

X showing the BlackBasta attack on Sipi Metals Corp
https://twitter.com/FalconFeedsio/status/1751134850831315089

The likelihood of the victims paying the ransom is also higher when there’s more at stake that they afford to lose. This fact alone makes BlackBasta more feared than other ransomware actors, especially since the organization is also highly resourceful.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

BlackBasta’s Modus Operandi

BlackBasta uses the double-extortion MO, which tends to have the most powerful coercive factor. This method involves penetrating the victim’s defenses, cloning and downloading the target data, and encrypting it on the original system.

This forces the victim into a 2-option scenario. Pay the ransom, or have the data leak all over the Dark Web. The encryption itself isn’t necessarily the end of the road, because there are ways around it. It may cost time, money, and financial losses, but it can be done.

But sensible data leaking on the Dark Web can cause irreparable damages, both financial and in terms of reputation. Which is why many victims prefer to pay the ransom and be done with it.

The problem is that this doesn’t guarantee that the attackers will delete the data in their possession. Or that they will provide the decryption key. Furthermore, specialists warn that paying the ransom only incentivizes cyber-criminals to continue their activity.

BlackBast currently ranks as the ransomware actor with the most potential on the market. This is thanks to its ability to innovate its systems and because the organization itself is the successor of Conti, the most dangerous cybercriminal actor to date.

Miklos Zoltan
Founder & CEO Privacy Affairs

Miklos Zoltan is the founder and CEO of Privacy Affairs. Miklos has long-time experience in cybersecurity and data privacy having worked with international teams for more than 10 years in projects involving penetration testing, network security and cryptography.

Miklos founded Privacy Affairs in 2018 to provide cybersecurity and data privacy education to regular audiences by translating tech-heavy and "geeky" topics into easy-to-understand guides and tutorials.

Miklos Zoltan
  • Connect with the author:

Leave a Comment