BlackBasta Ransomware Attack on The Robson Companies, Inc. - Data Breach and Impact
BlackBasta Ransomware Attack on The Robson Companies, Inc.
Overview of The Robson Companies, Inc.
The Robson Companies, Inc. is a real estate development firm specializing in luxury 55+ active adult retirement communities. With over five decades of experience, the company has established itself as a leader in creating high-end homes combined with world-class resort amenities. Headquartered in Broken Arrow, Oklahoma, the company operates with a relatively small team of 11-50 employees. Despite its size, The Robson Companies has developed communities across several states, making it a well-established player in the real estate development sector.
Details of the Ransomware Attack
In a targeted attack, the ransomware group BlackBasta compromised 6009 bytes of sensitive data from The Robson Companies, Inc. The stolen information included HR, Accounting, and Payroll records, as well as personal documents of employees such as tax forms, passport scans, driver's licenses, IDs, and Social Security numbers. Client data was also compromised. The breach affected several critical folders, including "OLD DATA 10-2020," "ACC PAYABLE," "ACC Reports," and "Audit Work Papers."
About BlackBasta
Emerging in early 2022, BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) group. The group is believed to have connections to the defunct Conti threat actor group. BlackBasta is known for its double extortion tactics, encrypting critical data and threatening to publish it if the ransom is not paid. The group targets organizations in the US, Japan, Canada, the UK, Australia, and New Zealand, focusing on highly targeted attacks rather than a broad approach.
Penetration and Impact
To gain initial access to target networks, BlackBasta employs various strategies, including spear-phishing campaigns, insider information, and buying network access. Once inside, they use tools like QakBot and Mimikatz for lateral movement and credential harvesting. The attack on The Robson Companies significantly impacted their business operations, compromising critical data and potentially exposing sensitive information of both employees and clients.
Sources
- Robson Resort Communities
- Bloomberg - The Robson Companies, Inc.
- RocketReach - The Robson Companies, Inc.
- Dun & Bradstreet - The Robson Companies, Inc.
- LinkedIn - The Robson Companies, Inc.
- BlackBerry - BlackBasta
- Flashpoint - Understanding BlackBasta Ransomware
- Sangfor - BlackBasta Ransomware Attack
- Exponential-e - BlackBasta Ransomware Group
- InfoSecurity Magazine - BlackBasta Ransomware Victim
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!