BlackBasta attacks AMPORTS
AMPORTS Suffers Ransomware Attack by BlackBasta
On April 4, 2024, the ransomware group BlackBasta claimed responsibility for an attack on AMPORTS, a prominent player in the transportation sector. AMPORTS is recognized for its global automotive services and port terminal operations, emphasizing quality, safety, operational excellence, and customer satisfaction. The organization is committed to Environmental, Social, and Governance (ESG) policies, underscoring environmental responsibility, social accountability, and strong governance. Specializing in electric vehicle (EV) services, AMPORTS focuses on software updates, customizations, and charging infrastructure.
Despite its significant presence in multiple locations, including Benicia, Freeport, Jacksonville, Baltimore Dundalk, and Baltimore Atlantic, specific details regarding AMPORTS's size and cybersecurity measures remain undisclosed. This lack of information raises questions about the company's vulnerabilities and preparedness against cyber threats.
BlackBasta Ransomware Group
Active since at least October 12, 2022, BlackBasta is known for its sophisticated ransomware attacks. The group employs a JavaScript dropper to deploy a .NET payload, facilitating execution across Windows, Linux-based systems, and VMware ESXi. BlackBasta's capabilities include file encryption using AES or ChaCha20 algorithms, deletion of volume shadow copies, and the ability to halt processes, services, and virtual machines on ESXi servers.
Broader Implications of the Attack
The incident at AMPORTS is indicative of a larger pattern of ransomware attacks targeting diverse sectors, including manufacturing, communications, healthcare, and public health. In response, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued joint cybersecurity advisories. These advisories aim to bolster organizational defenses against ransomware, highlighting specific vulnerabilities such as CVE-2023-4966, which impacts Citrix NetScaler web application delivery control (ADC) and NetScaler Gateway appliances.
AMPORTS's experience underscores the critical need for transparency and robust cybersecurity measures within organizations. As ransomware groups like BlackBasta continue to pose significant threats, adherence to cybersecurity advisories and proactive defense strategies become paramount for safeguarding against such attacks.
Sources
- Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) joint cybersecurity advisories. URL: https://www.cisa.gov/uscert/ncas/alerts
- Details on CVE-2023-4966 can be found at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4966