Broadband and telecoms giant BT Group has confirmed that a ransomware gang made an “attempt” to compromise their BT Conferencing business platform. The group, which calls itself Black Basta, claims to have stolen 500GB (GigaBytes) of sensitive and financial data, although the UK operator has yet to confirm this.
According to the FBI, Black Basta is a ransomware-as-a-service (RaaS) group that was first identified in April 2022 and is known to have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia (e.g. Ascension, Capita, Rheinmetall, Hyundai’s European division and the American Dental Association).
In this case, the ransomware group claims to have compromised part of BT’s Conferencing platform and extracted 500GB worth of data in the process, which they say includes financial and organizational data, users’ data and personal docs, NDA documents, confidential information, and more (screenshots and folder listings have been posted online as evidence).
However, in a statement given to Bleeping Computer, BT would only confirm that an “attempt” was made to compromise the aforementioned platform and are still assessing the situation.
A BT Group spokesperson said:
“We identified an attempt to compromise our BT Conferencing platform. This incident was restricted to specific elements of the platform, which were rapidly taken offline and isolated.
The impacted servers do not support live BT Conferencing services, which remain fully operational, and no other BT Group or customer services have been affected.
We’re continuing to actively investigate all aspects of this incident, and we’re working with the relevant regulatory and law enforcement bodies as part of our response.”
The ransomware gang has threatened to leak the stolen data next week, unless of course they can convince BT to pay. The FBI and CISA has previously indicated that the gang is believed to have collected at least $100 million (£78m+) in ransom payments from over 90 victims until November 2023.