Ransomware Group: BLACKBASTA

VICTIM NAME: lornestewartgroup[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the BLACKBASTA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page associated with the victim, Lorne Stewart Group, a UK-based engineering and construction company, details a significant data breach affecting its infrastructure. Discovered on December 4, 2024, the page indicates that approximately 1 TB of data has been compromised, including financial records, personal employee data, confidential contracts, and project-related documents. The leak is attributed to the cybercriminal group known as Black Basta. The Lorne Stewart Group has built a reputable presence in both public and private sector projects, specializing in mechanical and electrical engineering, integrated facilities management, and modular construction.

The leak page provides a breakdown of the types of data that have been compromised, emphasizing the sensitive nature of the information at risk. This includes financial data, employee personal information, non-disclosure agreements, and other confidential materials relevant to their various engineering projects. The malevolent group has shared a sample of this data as a demonstration of their capabilities, implying potential consequences for the company’s engagements. The page includes screenshots of internal documents and links for downloading leaked data, although specific details or URLs are not provided due to confidentiality protocols. Overall, this incident highlights the pressing cybersecurity challenges facing industries such as construction, which rely heavily on sensitive data management.