BlackBasta Ransomware targets Synlab Italia


The nefarious BlackBasta ransomware group has recently disclosed on the dark web that they executed an attack on Synlab Italia on April 18th of this year, resulting in a temporary shutdown of operations. Since then, the diagnostics service provider has been grappling with providing sample collection and diagnostics services to its clientele.

The extent of the data accessed and stolen by the perpetrators remains ambiguous. However, reports suggest that the hackers successfully exfiltrated over 1.5 terabytes of customer data, encompassing information related to employees, patients, and certain medical reports.

The BlackBasta gang has issued a deadline of May 11th for the victims to comply with their ransom demands, threatening to release the data on the dark web if their terms are not met. Synlab, which operates across multiple continents including Europe, Asia, Africa, and South America, has yet to make an official statement regarding whether it intends to negotiate with the hackers or seek assistance from law enforcement agencies.

In a parallel incident, the City of Wichita, Kansas, found itself immobilized by a ransomware attack aimed at containing the spread of the malware to other systems. While the BlackBasta gang has purported involvement in this incident as well, an official confirmation is pending.

The tactic of encrypting computer systems and extorting ransom has become a common modus operandi for cybercriminals, particularly targeting companies in the healthcare and technology sectors. The demand for stolen data in such incidents, which is often sold on the dark web, remains alarmingly high.

For the benefit of our readers, it’s worth noting that Black Basta offers ransomware as a service and emerged from the now-defunct Conti Ransomware group. This criminal outfit, associated with the Fin7 Threat Group, possesses sophisticated capabilities to circumvent threat detection mechanisms, often employing overlapping IP addresses for their command-and-control server operations. Their primary targets include financial institutions, leveraging malware such as Carbanak.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display