Toronto Public Library outages caused by Black Basta ransomware attack
pMortgage giant Mr Cooper says customer data exposed in breachppCISA warns of actively exploited Juniper preauth RCE exploit chainppLockBit ransomware leaks gigabytes of Boeing datappFBI Royal ransomware asked 350 victims to pay 275 millionppMeet the Unique New Hacking Group AlphaLockppSave 112 on a lifetime subscription to AdGuards ad blockerppEthereum feature abused to steal 60 million from 99K victimsppFBI Royal ransomware asked 350 victims to pay 275 millionppQualys BrowserCheckppSTOPDecrypterppAuroraDecrypterppFilesLockerDecrypterppAdwCleanerppComboFixppRKillppJunkware Removal ToolppBest VPNsppHow to change IP addressppAccess the dark web safelyppBest VPN for YouTubeppRemove the Theonlinesearchcom Search RedirectppRemove the Smartwebfindercom Search RedirectppHow to remove the PBlock adware browser extensionppRemove the Toksearchesxyz Search RedirectppRemove Security Tool and SecurityTool Uninstall GuideppHow to Remove WinFixer Virtumonde Msevents TrojanvundoppHow to remove Antivirus 2009 Uninstall InstructionsppHow to remove Google Redirects or the TDSS TDL3 or Alureon rootkit using TDSSKillerppLocky Ransomware Information Help Guide and FAQppCryptoLocker Ransomware Information Guide and FAQppCryptorBit and HowDecrypt Information Guide and FAQppCryptoDefense and HowDecrypt Ransomware Information Guide and FAQppHow to enable Kernelmode Hardwareenforced Stack Protection in Windows 11ppHow to use the Windows Registry EditorppHow to backup and restore the Windows RegistryppHow to open a Windows 11 Command Prompt as AdministratorppHow to start Windows in Safe ModeppHow to remove a Trojan Virus Worm or other MalwareppHow to show hidden files in Windows 7ppHow to see hidden files in WindowsppeLearningppIT Certification CoursesppGear GadgetsppSecurityppppThe Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attackppThe Toronto Public Library TPL is Canadas largest public library system giving access to 12 million books through 100 branch libraries across the city The library system has 1200000 registered members and operates on a budget that surpasses 200MppEarlier this week TPL warned that a cyberattack is causing technical outages on its websites and some online servicesppThese outages include the tplca site being taken offline the inability to access your online account and outages in the tplmap passes and digital collections servicesppThe library warned that public computers and printing services are also unavailableppThe Toronto Public Library says that there is no evidence that the personal information of staff or customers has been compromised and that they are actively investigating the incident with law enforcement and thirdparty cybersecurity expertsppTPL has proactively prepared for cybersecurity issues and promptly initiated measures to mitigate potential impacts reads a notice on a temporary library website hosted on TypepadppWe have engaged with thirdparty cybersecurity experts to help us in resolving this situation We do anticipate though that it may take several days before all systems are fully restored to normal operationsppDo you have information about this or another ransomware attack If you want to share the information you can contact us securely and confidentially on Signal at 1 646 9613731 via email at lawrenceabramsbleepingcomputercom or by using our tips formppBleepingComputer has since learned that the Black Basta ransomware operation is behind the attack on the Toronto Public LibraryppA photo of the ransom note shared with BleepingComputer allowed us to confirm that the ransomware operation was behind the attackppAccording to a TPL employee the attack occurred overnight on October 27th impacting numerous services Saturday morningppBleepingComputer was told that the attack did not impact phones and had limited impact on email with those logged into their Office 365 accounts still able to access them However employees who were not currently logged into email were no longer able to access the systemppAll other internal systems were shut down after the attack as a precaution to prevent the spread of the malwareppWe were told the organizations main servers containing sensitive data were not encrypted potentially meaning that the threat actors did not have full access to the organizations networks and datappWhile it is unknown now if the ransomware gang stole data during the attack data theft is a significant component of their extortion strategyppWe will learn if data was stolen if the threat actors will use it as leverage to pressure TPL into paying a ransomppThe Black Basta ransomware gang launched its ransomware operation in April 2022 and quickly began targeting corporate victims in doubleextortion attacksppOne of its first attacks was against the American Dental Association during which the threat actors leaked stolen datappBy June 2022 Black Basta had partnered with the QBot malware operation to drop Cobalt Strike beacons on infected devices for initial access to corporate networksppOnce they gained access to a network they would steal credentials and spread laterally throughout a network while stealing datappAfter all data is stolen and the hackers gain access to the Windows domain controller the threat actors deploy an encryptor throughout the network to encrypt devicesppLike almost all ransomware operations Black Basta utilizes a Linux encryptor to target VMware ESXi virtual machines running on Linux serversppIn June 2022 the Conti ransomware operation shut down after suffering a series of embarrassing data breaches Researchers believe that the cybercrime syndicate splintered into smaller groups with one of them believed to be Black BastappHowever other researchers believe there is a link between Black Basta and the Fin7 cybercrime operation a financially motivated cybercrime gang also known as CarbanakppSince its launch the threat actors have been responsible for a stream of attacks including Capita Sobeys Knauf and Yellow Pages CanadappRecently the ransomware operation attacked ABB a Swiss tech multinational and US government contractor and leaked the companys stolen datappToronto Public Library services down following weekend cyberattackppMeet LostTrust ransomware A likely rebrand of the MetaEncryptor gangppMGM casinos ESXi servers allegedly encrypted in ransomware attackppTransForm says ransomware data breach affects 267000 patientsppThe Rise of Ransomware in Healthcare What IT Leaders Need to KnowppNot a member yet Register NowppIranian hackers launch malware attacks on Israels tech sectorppLockBit ransomware leaks gigabytes of Boeing datappTerms of Use Privacy Policy Ethics Statement Affiliate DisclosureppCopyright 2003 2023 Bleeping Computer LLC All Rights ReservedppNot a member yet Register NowppRead our posting guidelinese to learn what content is prohibitedp