Malware
Keytronic Admits Massive Data Breach as Ransomware Gang Exposes Stolen Files
Keytronic, a US electronics manufacturer, confirms a data breach following the Conti ransomware gang leaking stolen files. The company is now working to mitigate the attack’s impact and has implemented additional security measures to protect sensitive information.
Imagine this scenario: You’re a giant in the world of printed circuit board assembly (PCBA) manufacturing, and suddenly, your company’s data is breached by a notorious ransomware gang. That’s exactly what happened to Keytronic, an American technology company, when the Black Basta ransomware gang leaked a whopping 530GB of their stolen data two weeks ago.
Keytronic, initially known for manufacturing keyboards and mice, is now one of the largest PCBA manufacturers in the industry. In May, they disclosed in an SEC filing that they had been hit by a cyberattack that disrupted their operations and limited access to crucial business applications. To make matters worse, the company later confirmed that the attackers had stolen personal information during the attack.
The Aftermath of the Attack
Keytronic had to shut down domestic and Mexico operations for two weeks to respond to the attack, but they’ve now resumed normal operations. Their recent SEC filing revealed that the company is in the process of notifying potentially affected parties and regulatory agencies, as required by law.
Unfortunately, the attack and loss of production will have a significant financial impact on Keytronic’s fourth quarter ending June 29, 2024. The company has already spent around $600,000 on external cybersecurity experts, and these expenses may continue to rise.
While Keytronic didn’t point fingers at a specific threat group, the Black Basta ransomware operation claimed responsibility for the attack two weeks ago. They boasted that they had stolen 100% of the company’s data, including human resources, finance, engineering, and corporate data. The attackers even shared screenshots of employees’ passports, social security cards, customer presentations, and corporate documents.
Introducing Black Basta
The Black Basta ransomware operation emerged in April 2022 and is believed to consist of former members of the Conti ransomware operation. After Conti shut down, these members splintered into smaller groups, and Black Basta has since become one of the most significant ransomware operations in the game.
Black Basta has been responsible for numerous high-profile attacks, including those against Capita, Hyundai’s European division, the Toronto Public Library, the American Dental Association, and more recently, a ransomware attack that hit U.S. healthcare giant Ascension.
Last month, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI revealed that Black Basta had breached 500 organizations between April 2022 and May 2024, stealing data from at least 12 out of 16 critical infrastructure sectors. Research by cybersecurity company Elliptic and cyber insurance firm Corvus Insurance shows that Black Basta has extorted at least $100 million in ransom payments from over 90 victims through November 2023.
What Can You Do?
It’s clear that cyberattacks and ransomware operations like Black Basta are becoming increasingly sophisticated and damaging. As a reader, you might be wondering what steps you can take to protect yourself and your business from such threats.
That’s where we come in. Our IT Services team is dedicated to providing you with the knowledge and resources you need to stay one step ahead of cybercriminals. We encourage you to reach out to us for guidance and to keep coming back to learn more about cybersecurity best practices.