BlackBasta claims Synlab attack, leaks some stolen documents
The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Italia.
The group claimed the attack on their leak site on Saturday and says they have exfiltrated approximately 1.5 TB of company and customer data, employees’ personal documents, as well as the results of customers’ medical tests.
The group threatens to leak the stolen data if the ransom isn’t paid by May 11. By way of proof, they published images of identity documents and medical tests.
The Synlab ransomware attack
Synlab is an international medical diagnostic services provider with headquarters in Munich, Germany, and branches in 30+ countries across Europe, Africa, South America and Asia.
On the morning of April 18, its Italian branch was hit by malware-wielding attackers, which resulted in the temporary shutdown of its information and phone systems. Synlab Italia also temporarily paused medical sample collection and analysis services, which have recently been resumed.
On Sunday, Synlab Italia confirmed that the (unnamed) cybercriminal group responsible for the attack claims to have stolen a significant amount of data, including patient and customer data.
“Additionally, the Company has identified that the cybercriminal organization has published a limited amount of information, including the personal data of some individuals, in areas of the web where cybercriminal organizations operate,” they added, and said that they will be informing the affected individuals on Monday.
The company did not say whether it intends to pay the ransom in an effort to prevent the data from being leaked.
BlackBasta – an established ransomware-as-a-service outfit – is among the top three most active ransomware groups in Q1 2024. Its ransomware is frequently delivered via the Qakbot malware.