Man working on laptop showing ransomware attack

Black Basta Ransomware Attack Cost PCBA Manufacturer Keytronic Over $17 Million

Keytronic, a printed circuit board assembly (PCBA) manufacturer, has notified federal regulators that it lost approximately $17 million to the May 2024 Black Basta ransomware attack.

On May 6, the Spokane, Washington-based company learned of the cyber attack after detecting unusual server activity. It responded by activating internal cyber incident response procedures, launching an investigation with external cybersecurity experts, and notifying law enforcement authorities.

In a previous Form-8K/A regulatory filing with the U.S. Securities and Exchange Commission (SEC), Keytronic said the cyber incident disrupted various business operations “including financial and operating reporting systems.”

It also resulted in unauthorized third-party access and exfiltration of data, including personally identifiable information. The Black Basta ransomware group claimed responsibility for the attack and leaked 530 GB of stolen data, including HR, finance, engineering, and corporate documents.

Keytronic lost over $17 million in the Black Basta ransomware attack

Keytronic had anticipated that the ransomware attack would materially impact the company’s “financial condition and results of operations during the fourth quarter ending June 29, 2024.” By June 2024, the ransomware attack had cost the company $600,000.

On August 2, 2024, the PCBA manufacturer quantified the total amount lost to the May 2024 Black Basta ransomware attack.

Preliminary results for the fourth quarter of the fiscal year 2024 filed with the SEC show that Keytronic lost $2.3 million due to the ransomware attack in statutory wages paid during the shutdown, deployment of new IT infrastructure, and paying external cybersecurity experts.

“During the disruption of business, Key Tronic continued to pay wages in accordance with statutory requirements,” the PCBA manufacturer said. “The Company also deployed new IT-related infrastructure and engaged cyber security experts to remediate the incident.”

The two-week disruption in the United States and Mexico also cost the company $15 million in lost revenue during the fourth quarter of 2024. However, Keytronic strongly believes it could recover most of the revenue lost due to missed orders next year.

“Due to this event, the Company incurred approximately $2.3 million of additional expenses and believes that it lost approximately $15 million of revenue during the fourth quarter. Most of these orders are recoverable and are expected to be fulfilled in fiscal year 2025,” Keytronic said.

Keytronic also said it offset losses by $0.7 million in insurance gains during the same period. The PCBA manufacturer expects $125 million in Q4 2024. Keytronic reported $588 million in annual revenue in 2023.

Keytronic has withheld or not determined the threat actor’s identity despite the Black Basta ransomware gang leaking the company’s sensitive data after the ransomware attack.

Manufacturing companies are prone to cyber-attacks due to the impact that disruptions could have on the supply chain. The large volume of personal information, intellectual property, and corporate data they store, also make them popular targets for cyber attacks.

Ransomware gangs still a significant cyber threat

“Ransomware criminals are escalating their attacks on organizations with increasingly sophisticated methods, leading to substantial revenue losses and exorbitant ransom demands,” warned Jim McGann, VP of Strategic Partnerships at Index Engines. “Recently, Sonic Automotive reported $30 million in losses due to the CDK attack.”

By November 2023, Black Basta ransomware had targeted over 500 organizations worldwide and collected over $100 million from 90 victims, according to a joint cybersecurity advisory by the FBI and CISA.

Black Basta’s victims include US defense contractor ABB, German arms manufacturer Rheinmetall, which produces artillery shells for Ukraine, Hyundai’s European division, U.S. healthcare provider Ascension, and the American Dental Association.

“The impact on businesses is significant and can no longer be ignored. Organizations must enhance their cyber resiliency strategies to avoid severe consequences to their bottom line,” concluded McGann.