As Spiegel.de reports, the new attacker group BlackBasta is probably behind the ransomware attack on the car rental company Sixt. According to research by Heise.de, the new group appears to be a spin-off of the Conti group, or a takeover by its former members; Conti itself has probably dissolved.
The ransomware extortion business remains one of the most lucrative. Attacks are increasing massively, and the media can hardly keep up with the reporting; at some point an effective countermeasure against ransomware will have to emerge. The car rental company Sixt was already the victim of a ransomware attack in early May 2022.
Sixt: Attack noticed early
In a press release, Sixt announced: “On April 29, 2022, IT security at Sixt SE identified IT irregularities. Response measures were initiated immediately in accordance with the pre-planned security protocols. It was subsequently confirmed that Sixt SE was the subject of a cyber attack, which Sixt was able to contain at an early stage.
As a usual precautionary measure, access to IT systems was immediately restricted and the pre-planned recovery processes were initiated. Many central Sixt systems, especially the website and apps, were kept running. This minimized the impact on the company, its operations and its services in order to provide customers with business continuity. In the short term, however, temporary disruptions are to be expected, particularly in customer centers and selected branches. Nevertheless, Sixt takes this incident seriously and has conducted a thorough investigation with internal and external experts. Sixt will provide further updates as more information becomes available and asks for customers' understanding and patience.”
After Conti's dissolution: new groups form
As heise.de has been reporting for some time, the Conti employees are breaking new ground. They join other hacker groups or form new ransomware attack teams. Suddenly new names like Karakurt, BlackBasta or BlackByte appear in the scene. Other members probably joined ransomware-as-a-service (RaaS) gangs such as BlackCat, Alphv, HIVE, HelloKitty/FiveHands or AvosLocker and used new variants of the well-known Conti encryption software.
According to Spiegel.de, the BlackBasta group is said to be behind the attack on Sixt. What exactly happened, and whether data was stolen or encrypted, is not known. However, even after almost a month, Sixt is still struggling with technical problems. With 2,000 branches in over 110 countries, Sixt is a heavyweight in its sector and has a strong network.