Toronto Public Library outages caused by Black Basta ransomware attack

The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across the city. The library system has 1,200,000 registered members and operates on a budget that surpasses $200M. Earlier this week, TPL warned that a cyberattack is causing technical outages on its websites and some online services. The library warned that public computers and printing services are also unavailable. The Toronto Public Library says that there is no evidence that the personal information of staff or customers has been compromised and that they are actively investigating the incident with law enforcement and third-party cybersecurity experts. Black Basta ransomware behind attack on TPL. BleepingComputer has since learned that the Black Basta ransomware operation is behind the attack on the Toronto Public Library. A photo of the ransom note shared with BleepingComputer allowed us to confirm that the ransomware operation was behind the attack. According to a TPL employee, the attack occurred overnight on October 27th, impacting numerous services Saturday morning. BleepingComputer was told that the attack did not impact phones and had limited impact on email, with those logged into their Office 365 accounts still able to access them. While it is unknown now if the ransomware gang stole data during the attack, data theft is a significant component of their extortion strategy. The Black Basta ransomware gang launched its ransomware operation in April 2022 and quickly began targeting corporate victims in double-extortion attacks. By June 2022, Black Basta had partnered with the QBot malware operation to drop Cobalt Strike beacons on infected devices for initial access to corporate networks. Like almost all ransomware operations, Black Basta utilizes a Linux encryptor to target VMware ESXi virtual machines running on Linux servers. In June 2022, the Conti ransomware operation shut down after suffering a series of embarrassing data breaches. Other researchers believe there is a link between Black Basta and the Fin7 cybercrime operation, a financially motivated cybercrime gang also known as Carbanak. Recently, the ransomware operation attacked ABB, a Swiss tech multinational and U.S. government contractor, and leaked the company's stolen data. Toronto Public Library services down following weekend cyberattack. Meet LostTrust ransomware - A likely rebrand of the MetaEncryptor gang. Chilean telecom giant GTD hit by the Rorschach ransomware gang. Ransomware isn't going away - the problem is only getting worse.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Toronto Public Library outages caused by Black Basta ransomware attack

Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
1 year ago Bleepingcomputer.com Carbanak FIN7 Qilin Black Basta
Toronto Public Library outages caused by Black Basta ransomware attack - The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across ...
1 year ago Bleepingcomputer.com Carbanak FIN7 Metaencryptor Black Basta
More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
1 year ago Therecord.media FIN7 Black Basta
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
1 year ago Packetstormsecurity.com LockBit Black Basta
Black Basta Buster Utilizes Ransomware Flaw to Recover Files - Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the ...
1 year ago Heimdalsecurity.com FIN7 Black Basta
Toronto Public Library confirms data stolen in ransomware attack - The Toronto Public Library confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack. According to TPL, the attackers stole "a large number of ...
1 year ago Bleepingcomputer.com Black Basta
Learn How to Decrypt Black Basta Ransomware Attack Without Paying Ransom - Researchers have created a tool designed to exploit a vulnerability in the Black Basta ransomware, allowing victims to recover their files without succumbing to ransom demands. This decryption tool potentially provides a remedy for individuals who ...
1 year ago Cysecurity.news FIN7 Black Basta
New Black Basta decryptor exploits ransomware flaw to recover files - Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for ...
1 year ago Bleepingcomputer.com Black Basta
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
'Black Basta Buster' Exploits Ransomware Bug for File Recovery - Researchers have exploited a weakness in a particular strain of the Black Basta ransomware to release a decryptor for the malware, but it doesn't recover all of the files encrypted by the prolific cybercriminal gang. Security research and consulting ...
1 year ago Darkreading.com FIN7 Black Basta
New Ransomware Threat Hits Hundreds of Organisations Worldwide - Until November 2023, this group with suspected ties to Russia has accumulated ransom payments totaling a minimum of $100 million from over 90 victims. In a recent joint report by the Cybersecurity and Infrastructure Security Agency and the Federal ...
1 year ago Cysecurity.news Black Basta
Hyundai Motor Europe hit by Black Basta ransomware attack - Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. BleepingComputer first learned of the attack in early January, but when we contacted Hyundai, ...
1 year ago Bleepingcomputer.com Black Basta
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
1 year ago Bleepingcomputer.com LockBit Inc ransom Black Basta
Black Basta Ransomware Group Makes $100m Since 2022 - A prolific Russian-speaking ransomware group has made over $100m from dozens of victims since April 2022, new analysis has revealed. Corvus Insurance used the Elliptic Investigator blockchain forensics tool to lift the lid on the Black Basta group. ...
1 year ago Infosecurity-magazine.com Black Basta
Windows Quick Assist abused in Black Basta ransomware attacks - Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. Microsoft has been investigating this campaign since at least mid-April 2024, ...
1 year ago Bleepingcomputer.com Black Basta
Notorious Black Basta Tactics, Techniques and Procedures Uncovered From Leak - This security breach rivals the 2022 leaks that affected the Conti ransomware gang and has given threat intelligence experts valuable information about Black Basta’s capabilities, tools, and motivations. According to threat hunters at Intel471 ...
2 months ago Cybersecuritynews.com Black Basta Hunters
Toronto Zoo: Ransomware attack had no impact on animal wellbeing - Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations. The zoo said it doesn't store any credit card information and is also ...
1 year ago Bleepingcomputer.com LockBit Black Basta
CISA: Black Basta ransomware breached over 500 orgs worldwide - CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. In a joint report published in collaboration with the Department of Health and Human Services and the Multi-State ...
1 year ago Bleepingcomputer.com LockBit Akira Black Basta
SRLabs develops Black Basta ransomware decryptor - Researchers released a decryptor to help the numerous victims of one of 2023's most prolific double-extortion ransomware gangs, Black Basta, restore their compromised files for free. Black Basta is believed to have attacked well over 300 ...
1 year ago Packetstormsecurity.com Black Basta
Black Basta ransomware gang's internal chat logs leak online - ExploitWhispers also shared information about some Black Basta ransomware gang members, including Lapa (one of the operation's admins), Cortes (a threat actor linked to the Qakbot group), YY (Black Basta's main administrator), and Trump (aka GG and ...
3 months ago Bleepingcomputer.com Black Basta
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Microsoft Quick Assist Tool Abused for Ransomware Delivery - Cybercriminals who have been using the Black Basta ransomware have been observed abusing the remote management tool Quick Assist in vishing attacks, Microsoft reports. Active since 2022 and believed to have hit over 500 organizations globally, Black ...
1 year ago Packetstormsecurity.com Black Basta
The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
1 year ago Bleepingcomputer.com Inc ransom Qilin Mallox Black Basta
Toronto Zoo says it remains open after ransomware attack - The Toronto Zoo said Monday evening that it was responding to a ransomware attack detected on January 5. The organization said its staff immediately began an investigation into the incident once it was discovered. The zoo welcomes more than 1.2 ...
1 year ago Therecord.media