BlackCat Claims Responsibility For Swissport Attack

BlackCat (ALPHV), dubbed the ‘most sophisticated’ ransomware group of 2021, has claimed responsibility for the Swissport ransomware attack by leaking a small set of sample files that the group claimed to have obtained from Swissport. The threat actor is trying to sell the entire 1.6 TB ‘data dump’ to a prospective buyer. The data leak page, as seen by DarkTracer: DarkWeb Criminal Intelligence, contained passports, internal business memos, and details of job candidates, including:

  • Full Name
  • Passport Number
  • Nationality
  • Religion (Muslim or Non-Muslim)
  • Email
  • Phone Number
  • Job role, interview scores, other recruitment info

Swissport has maintained the attack was “largely contained”, with systems fully cleaned and restored.

Saryu Nayyar, CEO and Founder of Gurucul, had this to say:

“While Swissport is claiming the cyber-attack was ‘largely contained’, 1.6TB of data exfiltrated is no joke. They are indeed lucky that only personal information was stolen versus a disruption in service. However, this shows how easy it is for threat actors to compromise networks and go largely undetected for large periods of time. Current XDR and SIEM solutions are incapable of preventing damage or disruption despite claims that would lend you to believe they are a silver bullet in detecting and preventing successful breaches. Organizations need to look at Next Generation SIEM solutions that employ true self-learning machine learning (ML) models with an extensive library and variety of advanced analytics if they have any hope of preventing new and emerging attacks from groups like BlackCat and Darkside. Automated detection, as well as high-fidelity non-disruptive response, early in the kill chain is critical to truly containing the attack before damage is done, not well after an attack has already made progress in its main objective.”

This attack is truly no joke. Swissport needs to get on top of this so that what has happened to date is the only bad thing that happens to them.
