Atos Hit by BlackBasta Ransomware, 710GB of Sensitive Data Compromised
Overview of Atos
Atos is a global leader in digital transformation, specializing in cybersecurity, cloud computing, and high-performance computing. With approximately 107,000 employees and an annual revenue of around €11 billion, Atos operates in 69 countries and is recognized as the European leader in its field. The company provides tailored, end-to-end solutions across various industries, emphasizing a secure and decarbonized digital environment for its clients. Atos is structured as a Societas Europaea (SE) and is listed on Euronext Paris.
Details of the Ransomware Attack
Atos has fallen victim to a ransomware attack orchestrated by the BlackBasta group, resulting in the compromise of a substantial 710GB of data. The stolen data encompasses a wide array of sensitive information, including company data, confidential documents, personal employee records, project details, and client information. This breach poses significant risks to the company's operations, employee privacy, and client trust, necessitating immediate and comprehensive response measures to mitigate the impact and prevent further damage.
About BlackBasta Ransomware Group
BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is believed to have connections to the defunct Conti threat actor group due to similarities in their approach to malware development and operations. BlackBasta conducts highly targeted attacks against organizations, employing a double extortion tactic: it encrypts critical data and threatens to publish sensitive information on its public leak site if the ransom is not paid. The group has targeted over 500 organizations worldwide, collecting up to US$100 million in ransom payments from more than 90 victims.
Potential Vulnerabilities and Penetration Methods
BlackBasta employs several strategies to gain initial access to target networks, including spear-phishing campaigns, insider information, and buying network access. Once inside a network, the group uses tools like QakBot and Mimikatz and exploits vulnerabilities to move laterally and harvest credentials. For maintaining control over compromised systems, BlackBasta uses tools like Cobalt Strike Beacons, SystemBC, and Rclone. Before encrypting files, the group disables security tools, deletes shadow copies, and exfiltrates sensitive data to maximize its leverage.
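The pre-encryption behaviours described above can be hunted for in process-creation logs. The following Python is an added example, not part of the original article: it flags a host when at least two of those behaviours occur within 30 minutes, so that a lone Rclone job is not alerted on. The log format, host names, command-line patterns, and the choice of Microsoft Defender as the disabled security tool are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed command-line patterns for behaviours the paragraph names.
RULES = {
    "shadow_copy_delete": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "rclone_transfer": re.compile(r"rclone(\.exe)?\s+(copy|sync|move)\b", re.I),
    # Assumption: "disables security tools" modelled as turning off Defender real-time monitoring.
    "defender_disabled": re.compile(
        r"Set-MpPreference\s+.*-DisableRealtimeMonitoring\s+(\$true|1)", re.I),
}

# Constructed sample: timestamp|host|process command line (hypothetical format).
SAMPLE_LOG = r"""
2024-01-01T10:00:05|WS-01|powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true
2024-01-01T10:02:11|WS-01|vssadmin.exe delete shadows /all /quiet
2024-01-01T10:09:40|WS-01|C:\Users\Public\rclone.exe copy D:\shares remote:bucket
2024-01-01T11:00:00|WS-02|vssadmin.exe list shadows
2024-01-01T11:30:00|WS-03|rclone.exe sync C:\backup remote:offsite
"""

def parse(log):
    """Yield (timestamp, host, command line) from pipe-separated lines."""
    for line in log.strip().splitlines():
        ts, host, cmd = line.split("|", 2)
        yield datetime.fromisoformat(ts), host, cmd

def correlate(log, window=timedelta(minutes=30), threshold=2):
    """Return {host: behaviours} where >= threshold distinct behaviours fall within window."""
    hits = defaultdict(list)
    for ts, host, cmd in parse(log):
        for name, rx in RULES.items():
            if rx.search(cmd):
                hits[host].append((ts, name))
    alerts = {}
    for host, events in hits.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            seen = {n for t, n in events[i:] if t - start <= window}
            if len(seen) >= threshold:
                alerts[host] = sorted(seen)
                break
    return alerts

if __name__ == "__main__":
    for host, behaviours in correlate(SAMPLE_LOG).items():
        print(f"ALERT {host}: {', '.join(behaviours)}")
```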