Keytronic Suffers Massive $17 Million Blow in Devastating Ransomware Attack

Imagine waking up one morning to find that your business has been attacked, your operations have come to a screeching halt, and sensitive information has been stolen. This nightmare scenario became a reality for electronic manufacturing services provider Keytronic, who recently revealed losses of over $17 million due to a ransomware attack in May.

A Brief History of Keytronic

Keytronic is an American technology company that started in 1969 as an Original Equipment Manufacturer (OEM) of keyboards and mice. Over the years, they’ve grown to become one of the largest manufacturers of printed circuit board assembly (PCBA) worldwide. With facilities in the United States, Mexico, China, and Vietnam, the company’s global reach made it a prime target for cybercriminals.

The Ransomware Attack

On May 6, Keytronic detected disruptions at its Mexico and U.S. sites that impacted business applications supporting both operations and corporate functions. According to a filing with the U.S. Securities and Exchange Commission (SEC), the company stated that the incident led to approximately $2.3 million in additional expenses and a loss of around $15 million in revenue during the fourth quarter.

While most of these orders are recoverable and expected to be fulfilled in the 2025 fiscal year, the impact of the attack was significant. The company also reported an insurance gain of $0.7 million during the quarter to help offset some of these expenses.

The Aftermath

During the incident response, Keytronic was forced to shut down its domestic and Mexico operations for two weeks. The attackers also managed to steal personal information from the company’s systems during the breach.

Although Keytronic hasn’t attributed the attack to a specific threat group, the Black Basta ransomware gang claimed responsibility in late May and leaked what they said was all the data stolen from the company’s systems. The group stated that they were able to exfiltrate a wide range of data, including human resources, finance, engineering, and corporate files.

On its dark web leak website, Black Basta leaked screenshots of employees’ passports and social security cards, customer presentations, and corporate documents.

Who is Black Basta?

Black Basta is a Ransomware-as-a-Service (RaaS) operation that emerged in April 2022 and has since claimed many high-profile victims, including government contractors and healthcare companies. Some of their notable victims include German defense contractor Rheinmetall, government contractor ABB, U.S. healthcare giant Ascension, U.K. tech outsourcing firm Capita, the American Dental Association, Hyundai’s European division, the Toronto Public Library, and Yellow Pages Canada.

According to the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, Black Basta affiliates have breached over 500 organizations and collected at least $100 million in ransom payments from over 90 victims until November 2023.

At the time of writing, Keytronic has yet to reply to a request for more information regarding the incident, including the total number of people impacted by the resulting data breach.

Don’t Let Your Business Be the Next Victim

The Keytronic ransomware attack serves as a sobering reminder that no organization is immune to the threat of cybercrime. As cybercriminals become more sophisticated and relentless, it’s essential for businesses to prioritize cybersecurity and stay informed on the latest threats and best practices.

Don’t wait until it’s too late. Reach out to us at IT Services to learn more about how we can help protect your business from ransomware attacks and other cyber threats. Together, we can ensure that you stay one step ahead of cybercriminals and keep your valuable data safe.