Broadband and telecoms giant BT Group has confirmed that a ransomware gang made an “attempt” to compromise their BT Conferencing business platform. The group, which calls itself Black Basta, claims to have stolen 500GB (GigaBytes) of sensitive and financial data, although the UK operator has yet to confirm this.
According to the FBI, Black Basta is a ransomware-as-a-service (RaaS) group that was first identified in April 2022 and is known to have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia (e.g. Ascension, Capita, Rheinmetall, Hyundai’s European division and the American Dental Association).
In this case, the ransomware group claims to have compromised part of BT’s Conferencing platform and extracted 500GB worth of data in the process, which they say includes financial and organizational data, users’ data and personal docs, NDA documents, confidential information, and more (screenshots and folder listings have been posted online as evidence).
Advertisement
However, in a statement given to Bleeping Computer, BT would only confirm that an “attempt” was made to compromise the aforementioned platform and are still assessing the situation.
A BT Group spokesperson said:
“We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated.
The impacted servers do not support live BT Conferencing services, which remain fully operational, and no other BT Group or customer services have been affected.
We’re continuing to actively investigate all aspects of this incident, and we’re working with the relevant regulatory and law enforcement bodies as part of our response.”
The ransomware gang has threatened to leak the stolen data next week, unless of course they can convince BT to pay. The FBI and CISA has previously indicated that the gang is believed to have collected at least $100 million (£78m+) in ransom payments from over 90 victims until November 2023.
Advertisement
“We go over now, live, to our BT correspondent, BT IVOR”
Come on BT Ivor, give us the spin 🙂
LOL,
Could not happen to a better company. Not that it is a good thing, this is the problem with us doing more and more online, having to register for this and that. If a large company like BT can;t keep data safe, who the hell can?
This is why I will not get things like loyalty cards that I don’t really need.
Ransomware is a huge problem for any and all businesses and organisations that hold a significant amount of valuable data.
One wonders about all the cases we don’t know about, either because the ‘victim’ company has swept it under the carpet, or don’t even know about their systems having been compromised (though the latter is less ransomware, more just bulk theft of data).
Highly doubt this considering BT are probably one of the best cyber security firms in the industry
Indeed
Just because they’re one of the best doesn’t make them immune to cyber attacks, jeez.
“Highly doubt this considering BT are probably one of the best cyber security firms in the industry”
Citation needed.
pmsl. “one of the best in the industry..”
That dosent make them immune to anything.. The way services are stacked these days or how they leverage their own cloud infra or their links to their partners clouds means there are lots of endpoints to pick away at and/or personnel to compromise. it only takes one small gap in the armour and thats it, there have also been a few zerodays announced, which makes me believe this to be credible.. T-mobile got hit states-side too.
If this happens to BT, I can only imagine how the security posture of smaller telcos are.