Malware
Rheinmetall, a leading arms manufacturer, falls victim to BlackBasta ransomware attack – a timely reminder of the growing cyber threats to businesses.
Arms manufacturer Rheinmetall has confirmed a ransomware attack, stating that the incident had a minor impact on its operations. The attackers, known as BlackBasta, demanded a ransom in exchange for not publishing the stolen data. Rheinmetall claims that they did not pay the ransom and instead relied on their IT security measures to protect their data.
Rheinmetall Confirms BlackBasta Ransomware Attack on Civilian Business
German automotive and arms manufacturer, Rheinmetall AG, has confirmed that its civilian business has been impacted by a BlackBasta ransomware attack. Rheinmetall is a manufacturer of automotive, military vehicles, armaments, air defense systems, engines, and various steel products, employing over 25,000 people with an annual revenue of over $7 billion.
On May 20th, 2023, BlackBasta posted Rheinmetall on its extortion site, along with samples of data that the hackers claimed to have stolen from the German company. The published data samples include non-disclosure agreements, technical schematics, passport scans, and purchase orders.
A Rheinmetall spokesperson confirmed the attack, clarifying that it only impacted its civilian department. “Rheinmetall is continuing to work on resolving an IT attack by the ransomware group Black Basta. This was detected on 14 April 2023. It affects the Group’s civilian business. Due to the strictly separated IT infrastructure within the Group, Rheinmetall’s military business is not affected by the attack,” said the spokesperson.
The company also stated that it had informed the relevant law enforcement authorities and filed a criminal complaint with the Cologne public prosecutor’s office.
Rheinmetall plays an important role in providing aid to Ukraine and recently upgraded its ties with a state-owned tank manufacturer in Ukraine by launching a new strategic cooperation program.
Are BlackCat and BlackBasta ransomware attacks related?
Seiko blackcat ransomware attack and BlackBasta ransomware attacks are not directly related. While both involve ransomware attacks, they originate from different threat actors and operate independently. It is important to acknowledge the possibility of other similarities or overlaps, but at present, there is no evidence to suggest a direct connection between these specific cyber threats.
Recent BlackBasta Activity
The BlackBasta ransomware gang launched its operations in April 2022 and has had multiple successful breaches against high-profile entities recently. On May 7th, 2023, the threat group announced an attack against leading electrification and automation technology provider ABB. In April 2023, BlackBasta breached the Canadian directory publisher Yellow Pages Group, stealing sensitive documents and data in the process. On March 22nd, 2023, the threat actors infiltrated the corporate network of Capita, a British outsourcing giant contracted by multiple departments of the UK’s government and army. Later, on May 13th, Capita warned its customers that they should assume BlackBasta compromised their data.