Black Basta Ransomware Targets RAUCH Streuer in Data Breach
Ransomware Attack on RAUCH Streuer by Black Basta
On November 19, the notorious ransomware group Black Basta targeted RAUCH Streuer, a leading German manufacturer of agricultural machinery and winter service equipment. The attack resulted in the exfiltration of 2 TB of sensitive data, with a ransom deadline set for November 26. If the deadline is not met, the group threatens to release the stolen data, which includes personal documents, financial information, and proprietary research.
About RAUCH Streuer
RAUCH Streuer, officially known as RAUCH Landmaschinenfabrik GmbH, is a family-run business established in 1921. Based in Rheinmünster, Germany, the company is renowned for its innovative fertilizer spreaders and winter service solutions. With a workforce of approximately 407 employees, RAUCH produces around 16,000 machines annually and holds about 170 patents. Their commitment to precision and sustainability has positioned them as a global leader in the agricultural machinery sector.
Vulnerabilities and Targeting
RAUCH's prominence in the industry and its extensive export operations make it an attractive target for ransomware groups like Black Basta. The company's reliance on advanced technology and proprietary research increases the potential impact of data breaches. Ransomware groups often act on this kind of exposure through sophisticated spear-phishing campaigns and the exploitation of known software vulnerabilities.
Attack Overview
The Black Basta group claims to have infiltrated RAUCH's systems, exfiltrating a significant amount of data. The compromised information spans various categories, including employee and client data, financial records, and confidential project details.
About Black Basta
Emerging in April 2022, Black Basta operates as a Ransomware-as-a-Service (RaaS) provider. The group is known for its double extortion tactics, encrypting files and threatening data exposure. Black Basta distinguishes itself through a closed affiliate model, ensuring high standards in execution and security. Their attacks often involve spear-phishing and exploiting vulnerabilities like CVE-2024-1709, allowing them to penetrate and maintain access to targeted networks.