BlackBasta Ransomware Attack on The Robson Companies, Inc. - Data Breach and Impact

Incident Date: Jun 07, 2024

Attack Overview

Victim: The Robson Companies, Inc.
Industry: Real Estate
Location: USA
Attacker: BlackBasta
First Reported: June 7, 2024

Overview of The Robson Companies, Inc.

The Robson Companies, Inc. is a real estate development firm specializing in luxury 55+ active adult retirement communities. With over five decades of experience, the company has established itself as a leader in creating high-end homes combined with world-class resort amenities. Headquartered in Broken Arrow, Oklahoma, the company operates with a relatively small team of 11-50 employees. Despite its size, The Robson Companies has developed communities across several states, making it a well-established player in the real estate development sector.

Details of the Ransomware Attack

In a targeted attack, the ransomware group BlackBasta compromised 6009 bytes of sensitive data from The Robson Companies, Inc. The stolen information included HR, Accounting, and Payroll records, as well as personal documents of employees such as tax forms, passport scans, driver's licenses, IDs, and Social Security numbers. Client data was also compromised. The breach affected several critical folders, including "OLD DATA 10-2020," "ACC PAYABLE," "ACC Reports," and "Audit Work Papers."

About BlackBasta

Emerging in early 2022, BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) group. The group is believed to have connections to the defunct Conti threat actor group. BlackBasta is known for its double extortion tactics, encrypting critical data and threatening to publish it if the ransom is not paid. The group targets organizations in the US, Japan, Canada, the UK, Australia, and New Zealand, focusing on highly targeted attacks rather than a broad approach.

Penetration and Impact

To gain initial access to target networks, BlackBasta employs various strategies, including spear-phishing campaigns, insider information, and buying network access. Once inside, they use tools like QakBot and Mimikatz for lateral movement and credential harvesting. The attack on The Robson Companies significantly impacted their business operations, compromising critical data and potentially exposing sensitive information of both employees and clients.
