Duty Free Americas claimed by Black Basta ransom group


The tax-free travel retail chain Duty Free Americas (DFA) is one of a dozen new ransomware victims claimed Tuesday by the Black Basta group on its dark web leak page.

The Russian-linked ransom gang is claiming to have stolen about 1.5 terabytes of sensitive information from its corporate network systems, giving DFA a six-day deadline of March 18th to make a deal with the criminal outfit.

Black Basta Duty Free Americas claim
BlackBasta dark blog. image by Cybernews.
ADVERTISEMENT

Headquartered in Florida, DFA is known as the largest duty-free-tax-free retailer in the Western Hemisphere with over 1000 employees, and runs its own warehouses and distribution centers.

The company boasts 250 of its brand-filled stores inside airports and seaports across the US, Central, and South America, as well as locations on stretches of both US borders with Mexico and Canada.

Security researcher Dominic Alvieri first posted about the hit Tuesday on X. “Black Basta posts a dirty dozen including Duty Free Americas, which is located in over 200 airports and border crossings”, he posted.

Black Basta claims to have stolen files from multiple departments including accounting, financial, legal, human resources, including large swaths of sensitive employee data, and more.

The group posted roughly 15 sample leak pages filled with dozens of passports, social security cards, and drivers licenses from what seems to be DFA employees.

Photocopies of credit cards with account numbers in full view are also on display.

BlackBasta DFA leak samples
BlackBasta DFA leak samples. Image by Cybernews.
ADVERTISEMENT

Duty Free Americas is a wholly owned subsidiary of The Falic Group (aka Falic Fashion Group), a luxury brand fragrance empire run by the Falic family.

This is important to note because scores of sensitive documents belonging to Falic family members have appeared as leak samples on the Black Basta site, identified by the cartel as “Home folders and Personal users.”

Samples of birth certificates, marriage certificates, religious documents, US Justice Department fingerprint clearance documents, boarding passes, and even a $379,000 credit card bill are shown on the leak site (as seen above) – all belonging to various Falic family members.

Cybernews has reached out to the company and is awaiting a response.

Black Basta is believed to be an offshoot of the notorious Russian-affiliated Conti ransomware gang, raking in over $100 million in Bitcoin ransom payments since it came on the scene in 2022.

BlackBasta dozen victims
BlackBasta leak blog. Image by Cybernews.

Other victims listed in the Black Basta site Tuesday included the Flemish ‘Duvel’ Moortgat Brewing Company, Xcel luxury brand licensing and management company, and Imperial Trading Company, one of the largest convenience store distributors in North America.