• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

 | 

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

 | 

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

 | 

Chrome sandbox escape nets security researcher $250,000 reward

 | 

Smart Buses flaws expose vehicles to tracking, control, and spying

 | 

MedusaLocker ransomware group is looking for pentesters

 | 

Google confirms Salesforce CRM breach, faces extortion threat

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

 | 

Security Affairs newsletter Round 536 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Embargo Ransomware nets $34.2M in crypto since April 2024

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Malware
  • Security
  • Blackbasta gang claimed responsibility for Synlab Italia attack

Blackbasta gang claimed responsibility for Synlab Italia attack

Pierluigi Paganini May 04, 2024

The Blackbasta extortion group claimed responsibility for the attack that in April severely impacted the operations of Synlab Italia.

Since April 18, Synlab Italia, a major provider of medical diagnosis services, has been experiencing disruptions due to a cyber attack.

The company initially cited technical issues as the cause leading to “temporary interruption of access to computer and telephone systems and related services.” However, a concerning scenario has emerged a few hours later.

The company has released a statement informing customers of the ongoing attack and has “disabled” all company computer systems in Italy as a precautionary measure.

The company’s statement announced the suspension of all activities at sampling points, medical centers, and laboratories in Italy until further notice.

The operations of the preview points in Italy have been suspended for several days, and only since the end of April have they slowly begun to resume, with different modalities from region to region.

Synlab immediately investigated the incident and is working with external experts to contain it.

The company has yet to disclose a data breach e never mentioned in its update that it was the victim of a ransomware attack.

Certain statements of the first press release published by the company raised particular concerns:

“SYNLAB informs all Patients and Customers that it has been the victim of a hacker attack on its computer systems throughout the national territory. As a precaution, all company computer systems in Italy were immediately disabled following the identification of the attack and in accordance with the company’s computer security procedures.”

“[SYNLAB] is currently unable to determine when operations can be restored.”

In my previous post I wrote:

“These statements highlight the need for the company to isolate systems to prevent the spread of the threat and mitigate its impact. Such drastic containment measures are typically associated with malware infections, while the unavailability of affected systems often suggests a ransomware infection.

Therefore, companies that suffer a ransomware attack cannot predict when they will be operational again because they need to eradicate the threat from affected systems and restore any backups.

Another concern for companies affected by ransomware is the potential exfiltration of data. If health information is stolen in the case of SYNLAB Italy, it would pose a serious risk to affected customers’ privacy and security.”

Researchers at the platform Ransomfeed.it today revealed that the criminal group Blackbasta claimed responsibility for a ransomware attack on Synlab.

The group claimed the theft of 1.5 TB of data, including company data, employees’ personal documents, customer personal data, medical analyses (spermograms, toxicology, anatomy…), and more.

As proof of the data breach, the group published images of passports, ID cards and medical analyses.

One of the images published by the group lists the folders exfiltrated, some of which have names of medical exams, while others have the names of centers located in the Campania region, even though the attack impacted the sampling points throughout Italy.

The BlackBasta ransomware group will publish the stolen data on May 11, 2024.

Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model.  

In November 2022, Sentinel Labs researchers reported having found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7.

In November 2022, experts at the Cybereason Global SOC (GSOC) team observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US.

The attack chain starts with a QBot infection, The operators use the post-exploitation tool Cobalt Strike to take over the machine and finally deploy the Black Basta ransomware. The attacks began with a spam/phishing email containing malicious URL links.

The researchers noticed that once obtained access to the network, the threat actor moves extremely fast. In some cases observed by Cybereason, the threat actor obtained domain administrator privileges in less than two hours and moved to ransomware deployment in less than 12 hours.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, Synlab Italia)


facebook linkedin twitter

Blackbasta Cybercrime Hacking hacking news information security news IT Information Security malware Pierluigi Paganini ransomware Security News Synlab Italia

you might also like

Pierluigi Paganini August 15, 2025
Cisco fixed maximum-severity security flaw in Secure Firewall Management Center
Read more
Pierluigi Paganini August 15, 2025
'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

    Security / August 15, 2025

    'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

    Malware / August 15, 2025

    Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

    Hacking / August 15, 2025

    Norway confirms dam intrusion by Pro-Russian hackers

    Hacktivism / August 14, 2025

    Zoom patches critical Windows flaw allowing privilege escalation

    Security / August 14, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT