Black Basta Ransomware targets Knauf Germany


Black Basta Ransomware has now released the stolen data of one of its victims, which it targeted almost 2-3 weeks ago. As per the information available on its website accessible only through the dark web, Germany company Knauf was targeted by Black Basta on June 29th this year, locking down its database on a temporary note.

Knauf that has over 30,000 employees on a global note issued a statement via its website on July 19th this year. And the statement states that the IT infrastructure of Knauf Group were disrupted because of a digital assault and so the IT staff of the company took measures to isolate the incident.

Interestingly, the public disclosure made on the official website did not mention any details about the Black Basta Ransomware attack. But it linked the disruption to a cyber attack that was supposed to affect supply delays to customers and partners.

Black Basta claims to have compromised 70% of the database belonging to Knauf and reportedly siphoned sensitive documents pertaining to employee’s health insurance, credentials, contact details of employees and products related docs and ID scans.

There is a speculation circulating on Twitter that Russian intelligence could be behind the malware attack as Germany is supporting Ukraine in its war with Putin.

NOTE- Black Basta is a group that spreads file encrypting malware and involves in double extortion tactics. It first steals data from the victim and then locks down the database of the victim until a ransom is paid in cryptocurrency. And if the victim denies paying the ransom or doesn’t bow down to the pressure, Black Basta releases sensitive info from the stolen data on the dark web for sale.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display