BT Group Cyber Attack

BT Group has confirmed it is addressing an attempted cyberattack on one of its legacy business units following claims by the Black Basta ransomware group.

 

On Wednesday, Black Basta listed "BT Group" on its data leak site. However, in a statement to The Register, BT clarified that the incident was limited to BT Conferencing, a smaller business unit headquartered in Braintree, Massachusetts.

 

 

Company Response

 

A BT spokesperson explained, “We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated."

 

The spokesperson further emphasized:

 

Impact was limited: The affected servers do not support live BT Conferencing services, which remain fully operational.

No broader effects: Other BT Group systems and customer services were unaffected.

Ongoing investigations: The company is actively investigating and working with regulatory and law enforcement bodies to respond to the incident.

 

 

Black Basta’s Claims

 

The ransomware group alleges it has exfiltrated approximately 500 GB of data, including files related to finance, non-disclosure agreements, user information, and more. Black Basta shared samples of what it claims to be stolen data, including identity document scans, visa records, and employee bonus details. However, much of the data appears to date back to the previous decade.

 

 

Black Basta’s Track Record

 

Active since April 2022, Black Basta has become one of the most prolific ransomware groups, reportedly generating over $100 million in revenue. According to the Cybersecurity and Infrastructure Security Agency (CISA), the group has targeted more than 500 organizations globally, including critical infrastructure and healthcare providers.

 

 

High-profile victims attributed to Black Basta include:

 

Southern Water, a regional water supplier in the UK.

Ascension, a faith-based healthcare organization in the US.

Authorities, including CISA, continue to monitor the group's activities closely and have issued advisories on their methods and tactics.

 

BT Group has reassured customers and stakeholders that they are taking every necessary step to contain the incident and prevent further risks.