Sargent & Lundy, a Chicago-based construction and engineering firm that designed hundreds of power stations in the US, fell victim to a ransomware attack attributed to the Black Basta cyber gang.
Sargent & Lundy suffered a data breach on October 15, in which threat actors stole personally identifiable information (PII) from the company’s systems.
According to Turke & Strauss, a law firm that issued the breach notification on the company’s behalf, the exposed information may include the names and Social Security numbers of over 6,900 individuals.
The breach piqued the interest of US authorities since Sargent & Lundy is a US government contractor working on critical national infrastructure (CNI) projects and handles nuclear security issues.
According to a memo describing the hack obtained by CNN, investigators closely monitored darknet forums for data stolen in the attack. The attack is attributed to the Black Basta ransomware group.
Recent reports show that Black Basta often employs the banking trojan QakBot for initial access and almost immediately deploys ransomware in victim IT systems.
The Black Basta ransomware group was spotted in April 2022 and has victimized over 100 organizations thus far. The gang is operating as a ransomware-as-a-service (RaaS) provider. Like other infamous ransomware cartels, the gang employs double extortion tactics to muscle victims into paying the ransom.
Some researchers don’t exclude the possibility that some Black Basta members were linked to the notorious Conti ransomware cartel. Some members of the now-defunct Conti expressed support for Russia in Moscow’s war against Ukraine.