Unveiling the Black Basta Ransomware Attack on The Lawrence Group

Incident Date: Apr 27, 2024

Attack Overview

VICTIM

The Lawrence Group

INDUSTRY

Construction

LOCATION

USA

ATTACKER

Blackbasta

FIRST REPORTED

April 27, 2024

Request Removal

Ransomware Attack on The Lawrence Group by Black Basta

Overview of the Attack

The Lawrence Group, a prominent design and architecture firm based in St. Louis, Missouri, has recently fallen victim to a ransomware attack orchestrated by the cybercriminal group known as Black Basta. The attack resulted in the exfiltration of approximately 505 GB of sensitive data, including personal documents, user folders, driver licenses, passports, and detailed project files.

Company Profile

Founded in 1983, The Lawrence Group is a nationally recognized firm specializing in architecture, interior design, urban design, and planning. With a revenue of $25.7 million, the company employs over 150 professionals across offices in St. Louis, Dallas, and Charlotte. The firm is known for its commitment to sustainable and innovative design solutions, catering to sectors such as commercial, healthcare, higher education, and hospitality.

The attackers managed to infiltrate The Lawrence Group's network and deploy ransomware, leading to significant data encryption and theft. The stolen data was then partially leaked on Black Basta's dark web leak site as a pressure tactic to coerce the firm into paying a ransom.

Analysis of Black Basta's Modus Operandi

Black Basta is known for its double extortion tactics, which involve not only encrypting the victim's data but also threatening to release it publicly if the ransom is not paid. The group uses a sophisticated encryption algorithm, XChaCha20, and has connections with other notorious cybercriminal groups such as Conti and FIN7. This attack underscores the high level of threat posed by Black Basta to large organizations, particularly in the construction and design sectors.

Vulnerabilities and Industry Impact

The Lawrence Group's extensive digital footprint and significant data repositories made it an attractive target for Black Basta. The firm's high-profile projects and sensitive client data likely contributed to the group's decision to target them. This incident highlights the ongoing risks faced by companies in the architecture and design industry, where intellectual property and personal data are highly valued both commercially and in the cybercriminal underworld.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.