Ransomware: even the gangs make blunders

A curious story involves a cybercriminal group and two Italian companies, victims of a mix-up. A few days ago, on October 31, the BlackBasta ransomware group announced that it had hacked the Italian IT company Var Group, from Empoli. The news was reported by Twitter user Claudio Sono, who posted a screenshot from BlackBasta's data leak site (the site where cybercriminal groups generally post information about their victims). Along with the claim, the group also published samples of information allegedly stolen from the company.

Unfortunately, the company name did not match the published samples, which seem to come from another Italian company, Bitron, which specializes in mechatronics. Sono, who followed the whole affair, also noticed this error.

In the evening, BlackBasta corrected the claim, this time reporting the data of the real victim, or at least those corresponding to the information contained in the samples.

The information in the samples is in Chinese, reports the specialized site Red Hot Cyber, so it probably belongs to one of Bitron's Chinese branches. Bitron has not yet published any official confirmation of the attack, and updates are awaited. Var Group, on the other hand, circulated a denial, calling the news of the hack baseless.

It is reportedly a ransomware attack, a type of cyber attack in which malicious software is injected into the victim's systems to encrypt the data and make it unavailable until a ransom is paid in cryptocurrency. Criminals often also use the technique of "double extortion", that is, the threat of publishing sensitive data online if they do not receive the requested sum.