Hyundai Motor Europe and California Union Hit by Ransomware Attacks
Hyundai Motor Europe confirmed a ransomware attack by Black Basta threat actors, who claim to have stolen 3TB of corporate data. Hyundai initially downplayed the incident as IT issues but later acknowledged the breach, citing unauthorized access to a portion of its network. While the type of data impacted remains undisclosed, lists of the stolen folders hint at sensitive information across legal, sales, human resources, accounting, IT, and management departments.
“Our investigations are ongoing, and we are working closely with external cybersecurity and legal experts,” the company said.
Who is Black Basta?
The Black Basta ransomware gang began operating in April 2022 and quickly launched a stream of double-extortion attacks.
By June 2022, Black Basta had partnered with the QBot malware operation (QakBot) to drop Cobalt Strike for remote access on corporate networks. Black Basta would use this access to spread to other devices on the network, steal data, and ultimately encrypt devices.
Black Basta is believed to be an offshoot of the notorious Conti ransomware operation, run by one of the previous Conti leaders.
Since its launch, the threat actors have been responsible for a wide range of attacks, including those against the Toronto Library, Capita, American Dental Association, Sobeys, Knauf, and Yellow Pages Canada.
A report from Corvus Insurance and Elliptic in November 2023 says that Black Basta is believed to have received over $100 million in ransom payments since its launch.
Recommendations to combat Black Basta Ransomware:
There are several recommendations that organizations can follow to protect themselves from ransomware attacks:
- Implement Strong Cybersecurity Measures: Ensure that your organization installs and maintains effective antivirus and firewall software. Regularly apply security patches and updates to all systems.
- Employee Training: Train employees on cybersecurity best practices, focusing on identifying and avoiding phishing attacks. Teach them how to recognize and report suspicious activity.
- Backup and Disaster Recovery Plans: Develop and maintain robust backup and disaster recovery plans. Regularly back up important data and have a clear plan in place for recovering from a ransomware attack.
- Secure Remote Access: Protect against unsecured remote access by ensuring that remote access protocols, such as RDP, are secured and regularly updated to prevent unauthorized access.
- Regular Security Monitoring: Continuously monitor and review security protocols and systems to identify vulnerabilities and potential weaknesses that can be addressed before an attack occurs.
- Cyber Insurance: Consider purchasing cyber insurance, which can provide financial protection in the event of a ransomware attack and access to resources and expertise for responding to and recovering from an attack.
- Antivirus and IPS Updates: Keep all antivirus and intrusion prevention system (IPS) signatures up to date to defend against the latest threats.
- Phishing Awareness: Use phishing simulation services to train employees in detecting phishing threats. Add modules on internet threats and phishing to employee training programs.
- Data Backup Protocols: Make changes to data backup protocols to better protect against ransomware, ensuring that backups are secure and up to date.
- Advanced Security Measures: Consider using cloud-based security solutions, advanced endpoint security, and zero trust access and network segmentation strategies to minimize risk and reduce the impact of a successful ransomware attack.
- Cybersecurity Expertise: Utilize as-a-service offerings from cybersecurity experts to enhance your organization’s security posture.
- No Ransom Payments: Never pay the ransom, as it may not guarantee file recovery and could encourage further attacks or illegal activities.