{"id":90754,"date":"2023-05-10T09:15:00","date_gmt":"2023-05-10T09:15:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/?p=90754"},"modified":"2023-05-10T09:15:00","modified_gmt":"2023-05-10T09:15:00","slug":"black-basta-ransomware-attack-to-cost-capita-over-15m","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=90754","title":{"rendered":"Black Basta ransomware attack to cost Capita over \u00a315m"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2023\/05\/black-basta-ransomware-attack-to-cost-capita-over-15m.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>UK outsourcer and public sector specialist Capita expects to incur \u201cexceptional costs\u201d in the region of \u00a315m to \u00a320m as a result of the March 2023 Black Basta ransomware attack on its systems, which saw clients left <a href=\"https:\/\/www.computerweekly.com\/news\/365534245\/Three-day-Capita-outage-was-result-of-cyber-attack\">unable to provide vital public services for days<\/a>, and has resulted in a <a href=\"https:\/\/www.computerweekly.com\/news\/365535508\/Capita-customer-data-was-stolen-in-March-ransomware-attack\">major breach of customer data<\/a>, including information <a href=\"https:\/\/www.computerweekly.com\/news\/366536736\/Capita-pension-clients-told-data-may-have-leaked\">held by pensions providers<\/a>.<\/p>\n<p>In a statement to the market issued 10 May, Capita said that these costs would include specialist professional feed paid to cyber security incident responders and forensics, recovery and remediation costs, and investment to reinforce Capita\u2019s cyber security environment.<\/p>\n<p>The organisation did not mention the impact of any regulatory penalties that may or may not arise over the apparent loss of significant amounts of data, some of which is known to have been circulating on the dark web. Nor did it say whether or not it has paid off the Russian-speaking Black Basta gang.<\/p>\n<p>\u201cCapita has continued to work closely and at speed with specialist advisers and forensic experts to investigate and resolve the cyber incident,\u201d a spokesperson said.<\/p>\n<p>\u201cAs noted previously, the unauthorised intrusion was interrupted by Capita which resulted in the impact of the attack being significantly restricted. Capita understands now, based on its own forensic work and that of its third-party providers, that some data was exfiltrated from less than 0.1% of its server estate.<\/p>\n<p>\u201cCapita has taken extensive steps to recover and secure the customer, supplier and colleague data contained within the impacted server estate, and to remediate any issues arising from the incident.\u201d<\/p>\n<p>Capita said it would continue to work closely with regulators, customers, suppliers and colleagues to notify any other parties who may be affected and not yet know it, and take \u201cany remaining necessary steps\u201d to address the incident.<\/p>\n<p>It said it has also taken further steps to better ensure the integrity, safety and security of its IT infrastructure to \u201cunderpin its ongoing client service commitments\u201d.<\/p>\n<p>The organisation\u2019s underlying trading performance remains in line with expectations despite the impact of the cyber attack, with group revenues up by just under 5% year on year (YoY) for the first four months of the year, and sales performance up 16%.<\/p>\n<section class=\"section main-article-chapter\" data-menu-title=\"AWS bucket\">\n<h3 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>AWS bucket<\/h3>\n<p>Meanwhile, reports have emerged that suggest that even reckoning without the impact of the Black Basta ransomware attack, Capita has been unwittingly exposing confidential data to the public internet for years thanks to <a href=\"https:\/\/repost.aws\/knowledge-center\/secure-s3-resources\">a misconfigured Amazon Web Services (AWS) S3 storage bucket<\/a> that had no password set.<\/p>\n<p>The breach, <a href=\"https:\/\/techcrunch.com\/2023\/05\/05\/security-researcher-finds-trove-of-capita-data-exposed-online\/\">which was flagged to <i>TechCrunch<\/i><\/a> by an unnamed security researcher, appears to date back to 2016, and affects about 655GB of data in 3,000 files. The researcher claimed the data included software files, server images, Excel spreadsheets, PowerPoint presentations and more. One of the files allegedly included login credentials for a Capita IT system.<\/p>\n<p>Capita locked down the S3 bucket on being informed, and it is unknown whether or not it contained any customer data. The researcher additionally noted that they had had trouble finding an appropriate security contact within Capita, and that the organisation does not have a responsible disclosure policy in place.<\/p>\n<p>Badly secured AWS S3 buckets are <a href=\"https:\/\/www.computerweekly.com\/news\/252476870\/Exposed-AWS-buckets-again-implicated-in-multiple-data-leaks\">a frequent source of data leaks<\/a>&nbsp;and have been used on multiple occasions by malicious actors to infiltrate their victims\u2019 networks and move laterally to other systems \u2013 although there is no evidence to suggest that Black Basta used Capita\u2019s bucket to conduct its ransomware attack.<\/p>\n<p>AWS S3 buckets are private and secured by default \u2013 and as of January 2023, <a href=\"https:\/\/www.techtarget.com\/searchstorage\/news\/252529106\/Amazon-S3-now-encrypts-data-by-default\">the service now encrypts data by default, too<\/a> \u2013 so absent a targeted attack by an insider or a cyber criminal group, their contents can only be revealed by improper configuration and mismanagement.<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>UK outsourcer and public sector specialist Capita expects to incur \u201cexceptional costs\u201d in the region of \u00a315m to \u00a320m as a result of the March 2023 Black Basta ransomware attack on its systems, which saw clients left unable to provide vital public services for days, and has resulted in a major breach of customer data, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":90755,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-90754","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/90754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=90754"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/90754\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/90755"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=90754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=90754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=90754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}