BT Group says it was forced to take some servers offline following ransomware attack

• BT Group confirmed its Conferencing services were targeted
• Black Basta took responsibility for the attack
• The group claims to have stolen hundreds of gigabytes of sensitive information

British telecommunications behemoth BT Group confirmed that it was recently targeted by the ransomware actors known as Black Basta.

The group targeted its Conferencing business division, and even forced it to shut down parts of its infrastructure.

The results of the attack are up for debate, however, since BT claimed very little damage was done, with Black Basta saying the exact opposite.

Prolific player

“We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated,” BT told BleepingComputer in a statement. “The impacted servers do not support live BT Conferencing services, which remain fully operational, and no other BT Group or customer services have been affected.”

But Black Basta begs to differ. The group claims to have stolen 500GB of sensitive data in the attack, including financial and organizational data, “users and personal docs,” NDA agreements, confidential information, and then some. To support their claims, the group released document screenshots, folder listings, and more. It also said it would be leaking the files soon, if the company does not pay the ransom demand.

We don’t know how much money Black Basta is asking for.

“We’re continuing to actively investigate all aspects of this incident, and we’re working with the relevant regulatory and law enforcement bodies as part of our response,” the BT Group spokesperson concluded.

Black Basta is currently one of the biggest ransomware threats out there, according to the FBI and CISA. In March this year, the two agencies issued a joint report stating that in its first two years of existence the group targeted more than 500 organizations all over the world.

Among the victims are organizations in 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector. Some of Black Basta’s victims include Hyundai Europe, Capita, The American Dental Association, Yellow Pages Canada, Dish, and many others.

Black Basta most likely emerged after the downfall of Conti, another major ransomware player until the beginning of the Russian invasion of Ukraine.

Via BleepingComputer

You might also like

• Black Basta ransomware has become one of the biggest threats worldwide, CISA and FBI say
• Here’s a list of the best firewalls today
• These are the best endpoint protection tools right now