Black Basta Strikes REMBE GmbH Safety+Control in Ransomware Attack

Incident Date: Nov 19, 2024

Attack Overview

Victim: REMBE
Industry: Manufacturing
Location: Germany
Attacker: Blackbasta
First Reported: November 19, 2024

Black Basta Ransomware Attack on REMBE GmbH Safety+Control

On November 19, 2024, the notorious ransomware group Black Basta launched a cyberattack on REMBE GmbH Safety+Control, a prominent German company specializing in safety solutions for pressure relief and explosion protection. The attackers claim to have exfiltrated approximately 1 TB of sensitive data, threatening to release it unless a ransom is paid by November 26.

About REMBE GmbH Safety+Control

REMBE GmbH Safety+Control, established in 1973 and headquartered in Brilon, Germany, is a leader in the manufacturing sector, particularly in safety technology. The company is renowned for its innovative solutions, such as the KUB® buckling pin reverse bursting disc and flameless pressure relief technology. With a workforce of around 340 employees and a global presence through subsidiaries in countries like Brazil, Singapore, and China, REMBE serves diverse industries, including oil and gas, chemicals, and food processing. Their commitment to quality and safety is underscored by their active participation in international standardization efforts.

Vulnerabilities and Targeting

REMBE's extensive involvement in high-stakes industries makes it an attractive target for ransomware groups like Black Basta. The company's reliance on proprietary designs and sensitive data, coupled with its operational dependencies, increases its vulnerability to cyber threats. The attack highlights the challenges faced by manufacturing firms in safeguarding their digital assets against sophisticated cybercriminals.

Black Basta's Modus Operandi

Black Basta, a Ransomware-as-a-Service (RaaS) group, has rapidly gained notoriety since its emergence in April 2022. Known for its double extortion tactics, the group encrypts files and exfiltrates data to pressure victims into paying ransoms. Black Basta's operations are characterized by a closed affiliate model, where affiliates execute attacks while core members manage infrastructure and negotiations. The group is suspected of having ties to other major ransomware entities like Conti and BlackMatter, sharing resources and operational strategies.
