Multiple US electric utilities had their data stolen in an October Black Basta ransomware attack that targeted Chicago-based Sargent & Lundy, a US government contractor that handles critical infrastructure projects across the country, CNN reported.
Sargent & Lundy is an engineering company that has designed more than 900 power stations and thousands of miles of power systems. It holds sensitive data on those projects and also handles nuclear security issues.
According to sources familiar with the matter, the incident was contained and remediated, and didn’t appear to have a broader impact on other power-sector firms. There is no evidence that the stolen data, which includes “model files” and “transmission data” the firm uses for utility projects, has been leaked on the dark web.
Sargent & Lundy’s spokeswoman told CNN that the incident had minimal impact on the company’s business, but provided no further information regarding the attack.
Black Basta is a ransomware group operating as ransomware-as-a-service (RaaS) that was initially spotted in April 2022. The group uses double-extortion tactics and a number of tools, including the Qakbot trojan and the PrintNightmare exploit. According to a recent report, Black Basta was one of the most prolific ransomware groups in Q3 2022, along with LockBit, Hive, Alphv (aka BlackCat) and BianLian.