Ransomware Attack on Lactanet by Black Basta
Victim Overview
Lactanet, a Canadian company founded in 2008, specializes in dairy herd management services, genetic testing, and data analysis for dairy farmers. With a workforce of 288 employees, Lactanet serves over 10,000 dairy farm customers and professional advisors across Canada. The company has received industry recognition, including the "Industry Distinction Award" from the Canadian Dairy Network in 2008.
Attack Overview
Black Basta, a ransomware group that emerged in early 2022, targeted Lactanet in a recent cyberattack. The attackers exfiltrated 520 GB of data, comprising corporate information, employee data, user data, and lab data. A sample of the stolen data has been leaked, while the specific ransom demand remains undisclosed.
Ransomware Group Profile
Black Basta is known for its targeted attacks on organizations in various countries, including the US, Japan, Canada, the UK, Australia, and New Zealand. The group employs a double extortion tactic, encrypting critical data and threatening to publish sensitive information on its leak site if the ransom is not paid. Black Basta has targeted over 500 organizations globally and has collected significant ransom payments since its inception.
Attack Vector
The ransomware group likely gained initial access to Lactanet's network through tactics such as spear-phishing campaigns, insider information, or purchasing network access. Once inside, the group utilized tools like QakBot and Mimikatz for lateral movement and credential harvesting. By using command and control tools like Cobalt Strike Beacons, Black Basta maintained control over compromised systems, exfiltrated data, and encrypted files to maximize leverage.