
The Blackbasta criminal gang claims to have stolen 1.5 TB of sensitive data from SynLab Italia

by admin

After weeks of hardship for Synlab Italia, and above all for its customers, a well-known cybercriminal gang known as Blackbasta has claimed responsibility for the attack. Since April 18, Synlab Italia, a leading provider of medical diagnosis services, has been facing disruptions to some of its services due to a cyber attack.

In April, a cyber attack severely impacted Synlab Italia’s operations. Initially the company had blamed the outages on technical problems; however, an alarming picture soon emerged. In one of the first press releases, the company informed customers that it had “deactivated” all company IT systems in Italy as a precaution.

The effects of the decision lasted for several days, with significant inconvenience for patients. Some of them have publicly complained that they were unable to receive the results of diagnostic tests they had undergone in the days preceding the attack. The company immediately launched an investigation into the incident and, with the support of external experts, is trying to contain it. Synlab then activated direct communication channels to assist customers in need of support and with requests to be processed urgently. It must also be said that Synlab Italia, through its website, has constantly updated customers.

In the latest update in recent days, the company informed customers that activities in the SYNLAB Collection Points and Medical Centers are progressively resuming on a schedule that differs from region to region.

Some passages of the press release that I report below had immediately caused concern among cyber security experts like me: “SYNLAB informs all Patients and Customers that it has suffered a hacker attack on its IT systems throughout the national territory. As a precaution, as soon as the attack was identified and according to company IT security procedures, all company IT systems in Italy were immediately deactivated.” And again: SynLab “is not currently able to establish when operations will be able to be restored”.

In my previous article I highlighted how “the company’s need to isolate systems to avoid the propagation of a threat and mitigate the impact of the attack” could be associated with an activity to contain a threat such as malware (malicious code). The prolonged unavailability of services suggested, as time went on, a ransomware infection. To date, SynLab has not yet provided details on the attack, such as the possible data breach or the type of threat that affected its systems, and above all it has never mentioned in its updates that it was the victim of a ransomware attack.


In these cases, the priorities for victims of an attack are to restore operations and determine whether data has been exfiltrated. For companies operating in the healthcare sector, it is also crucial to determine the type of information that may have been exfiltrated and could be disclosed. If health information is involved, there would be a concrete risk for the privacy and security of the customers concerned.

As the company continues to deal with the incident, the group of Italian researchers from the Ransomfeed.it platform has revealed that the criminal group Blackbasta claimed responsibility for the attack on Synlab. If the claim is confirmed, it would therefore have been a ransomware attack, as hypothesized. The group said it stole as much as 1.5TB of data, including company data, employee personal documents, customer personal data, medical analyses (e.g. spermiograms, toxicological tests), and more.

As proof of the data breach, the group posted on its site on the dark web a series of images relating to stolen documents, such as passports, identity cards and medical tests. One of the images published by the group shows a series of folders exfiltrated during the attack, some of which have medical test names.

Interestingly, some of the folders have the names of centers located in the Campania region, even though the attack hit collection points throughout Italy. This circumstance suggests that the folders may relate to a server used by one of the sampling points in the Campania Region, which may have been the entry point of the attackers. The conditional is a must, because we would need to be able to analyze the affected systems to determine what happened.


The BlackBasta group announced that it will publish the stolen data on May 11, 2024, thus giving the victim no more than a week for a possible negotiation. After this date, employee and customer data will be publicly released by the group on its website. Other criminal groups could use this data to blackmail the affected people or try to conduct some type of fraud against them. The availability of documents such as passports and identity cards, combined with other information, could put the users involved at risk of identity theft.

Who is the Blackbasta group? Black Basta is a group dedicated to extortion activity that has been active since April 2022. Like other ransomware operations, the group implements a double extortion model, i.e. it steals data from victims and encrypts the affected systems, and then asks for a ransom which, if not paid, will lead to the publication of the stolen information. In November 2022, Sentinel Labs researchers reported finding evidence linking the Black Basta ransomware group to a well-known financially motivated hacking group known as FIN7.

Returning to the SynLab case, all we can do is wait for the next 7 days until Blackbasta’s ultimatum expires.
