LEWA Hit by Black Basta Ransomware Exposing 400GB Data
Ransomware Attack on LEWA: A Deep Dive into the Black Basta Breach
LEWA GmbH, a prominent manufacturer of diaphragm metering pumps and comprehensive metering systems, has recently been targeted by the notorious ransomware group Black Basta. This attack has compromised approximately 400GB of sensitive data, posing significant risks to LEWA's operations and reputation.
LEWA: A Leader in Fluid Solutions
Founded in 1952 and headquartered in Leonberg, Germany, LEWA is a global leader in the manufacturing sector, specializing in high-precision fluid handling solutions. With a workforce of around 1,200 employees and a presence in over 80 countries, LEWA is renowned for its innovative diaphragm technology and commitment to sustainability. The company's products are integral to industries such as chemical processing, pharmaceuticals, and water treatment, where precision and reliability are paramount.
Details of the Attack
The ransomware attack orchestrated by Black Basta has exposed a wide array of sensitive information, including employee personal documents, corporate financial and HR records, project files, customer contracts, and confidential engineering and R&D data. This breach underscores the vulnerabilities inherent in LEWA's digital infrastructure, highlighting the critical need for enhanced cybersecurity measures.
Black Basta: A Notorious Ransomware Group
Emerging in early 2022, Black Basta has quickly established itself as a formidable threat in the cybercrime landscape. Known for its double extortion tactics, the group encrypts victims' data and threatens to publish it unless a ransom is paid. Black Basta's operations are characterized by targeted attacks on organizations across the globe, using sophisticated methods such as spear-phishing and the exploitation of network vulnerabilities to gain initial access.
Potential Vulnerabilities and Penetration Methods
While the exact method of penetration in the LEWA attack remains undisclosed, Black Basta typically employs a combination of spear-phishing campaigns, insider information, and purchased network access to infiltrate target systems. Once inside, the group uses tools like QakBot and Mimikatz for lateral movement and credential harvesting, further compromising the victim's network.