Ransomware Attack on Posi-Plus Technologies by Black Basta: Details and Impact

Incident Date: Jul 15, 2024

Attack Overview

Victim: Posi-Plus Technologies Inc
Industry: Construction
Location: Canada
Attacker: Black Basta
First reported: July 15, 2024

Overview of Posi-Plus Technologies Inc.

Posi-Plus Technologies Inc., also known as Posi+, is a Canadian company headquartered in Victoriaville, Quebec. Founded in 1981, Posi+ specializes in the development and provision of innovative solutions for the construction and utility sectors. The company is renowned for its high-performance aerial devices, digger derricks, cable handlers, and cable placers for telecommunications. Posi+ employs between 51 and 200 people and has built a strong reputation for quality, innovation, and customer service.

Details of the Ransomware Attack

Posi-Plus Technologies Inc. recently fell victim to a ransomware attack orchestrated by the cybercriminal group Black Basta. The attack compromised approximately 350GB of data, including sensitive company information, confidential employee data, and financial records. This breach has raised significant concerns about data security and operational integrity within the company.

About Black Basta

Black Basta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is believed to have connections to the defunct Conti threat actor group. Black Basta carries out highly targeted attacks against organizations and employs a double extortion tactic: the group encrypts critical data and threatens to publish sensitive information on its public leak site if the ransom is not paid. The group has targeted over 500 organizations worldwide, collecting up to US$100 million in ransom payments from more than 90 victims.

Penetration and Attack Methods

Black Basta employs several strategies to gain initial access to target networks, including spear-phishing campaigns, insider information, and buying network access. Once inside a network, the group uses tools like QakBot and Mimikatz and exploits vulnerabilities to move laterally and harvest credentials. It maintains control over compromised systems using tools like Cobalt Strike Beacons and SystemBC. Before encrypting files, Black Basta disables security tools, deletes shadow copies, and exfiltrates sensitive data to maximize its leverage.

Vulnerabilities and Impact

Posi-Plus Technologies Inc.'s focus on innovation and customized solutions makes it a significant player in the construction and utility equipment industry. However, this also makes the company a lucrative target for threat actors like Black Basta. The attack on Posi+ highlights the vulnerabilities that even well-established companies face in the evolving landscape of cyber threats. The breach has not only compromised sensitive data but also posed a significant threat to the company's operational integrity and reputation.
