HQ/EMEAFind out how we can help your business
BT Group, previously known as British Telecom, has confirmed that its BT Conferencing business division has taken part of its servers offline in response to a suspected Black Basta ransomware attack.
BT Group is one of the UK’s most extensive fixed and mobile telecommunications operators. It offers various services, such as managed telecommunications, security, network, and IT infrastructure, to customers globally.
One of its officials revealed that the security issue did not affect BT Group’s operations or BT Conferencing services. However, the risk of the alleged hack is unclear, as it is unclear whether any systems were encrypted or if the attackers stole data.
Moreover, the company explained that it limited the attack to specific sections of its site by quickly taking down its servers and isolating the affected systems.
BT Group acknowledged the incident after the Black Basta revealed that it hacked into its systems.
According to reports, the Black Basta ransomware claimed responsibility for the hack on BT Group, which resulted in the theft of 500 gigabytes of data.
The notorious group stated that the database includes various details, such as financial and organisational data, user and personal documents, NDA documents, private information, and more.
In addition, these attackers revealed folder listings and images of documents requested by the corporation throughout the employment process. This group added these details to prove the legitimacy of their claims further.
The ransomware gang also posted a countdown to their dark web leak site, claiming they would release the reportedly stolen data next week to put more pressure on the British company.
The threat actors claimed to have stolen hundreds of GBs of documents from BT Conferencing servers, suggesting this was a significant breach rather than an attempt. On the other hand, a BT Group representative explained that its team are still actively investigating all aspects of this event and collaborating with the appropriate regulatory and law enforcement organisations to address the incident.
This incident is an addition to the Black Basta Ransomware-as-a-Service (RaaS) operation, which began in April 2022. During this time, these malicious actors have claimed numerous high-profile victims globally, especially from healthcare institutions and government bodies.
This incident is a developing story, and the legitimacy of the stolen data has not been confirmed. Still, potentially affected individuals should be more wary of their digital presence.
