Keytronic Faces $17 Million in Costs After Ransomware Attack

Threat Actor: Black Basta | Black Basta
Victim: Keytronic | Keytronic
Price: $17 Million
Exfiltrated Data Type: Personal Information, HR, Finance, Engineering documents, Corporate data, Home users data

Key Points :

  • Keytronic faced expenses and lost revenue exceeding $17 million due to a ransomware attack.
  • The attack was detected on May 6, 2024, leading to unauthorized access to its IT systems.
  • Black Basta ransomware group leaked approximately 530 GB of allegedly stolen data.
  • The company incurred $600,000 in initial expenses related to the incident.
  • Operations in the U.S. and Mexico were halted for about two weeks due to the attack.
  • Keytronic has engaged cybersecurity experts to remediate the incident and restore operations.
  • Most lost orders are expected to be recoverable and fulfilled in fiscal year 2025.

Printed circuit board assembly (PCBA) manufacturer Keytronic reported that a recent ransomware attack led to expenses and lost revenue exceeding $17 million.

In June, Keytronic disclosed a data breach after a ransomware group leaked allegedly stolen personal information from its systems. The company did not provide any info on the ransomware operation that hit its network, however Black Basta ransomware group leaked over 500 gigabytes of data allegedly stolen from the company. Black Basta ransomware group claims to have stolen ≈530 GB of data, including HR, Finance, Engineering documents, Corporate data, and home users data.

Keytronic Blackbasta ransomware

On May 6, 2024, the company detected unauthorized access to portions of its information technology systems. Keytronic immediately launched an investigation into the incident with the help of external cybersecurity experts and notified law enforcement.

The company was forced to halt domestic and Mexico operations for approximately two weeks.

“The cybersecurity incident caused disruptions, and limitation of access, to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions, including financial and operating reporting systems.” reads the FORM 8-K/A filed with SEC. “Since the date of the Original Report, the Company has determined that the threat actor accessed and exfiltrated limited data from the Company’s environment, which includes some personally identifiable information.”

As of the date of the FORM 8-K filing, the company restored its operations and corporate functions and locked out the unauthorized third party. Keytronic notified potentially affected parties and regulatory agencies. In June, the company said it had already incurred $600,000 in expenses related to the cybersecurity incident.

On Friday, the manufacturer published a preliminary financial report for Q4 2024 that revealed that the ransomware attack resulted in additional expenses and lost revenue of more than $17 million.

“As previously disclosed, Key Tronic detected a cybersecurity incident on May 6, 2024 that caused disruptions and limited access to portions of the Company’s business applications supporting operations and corporate functions, including financial and operating reporting systems, at its Mexico and U.S. sites during the fourth quarter of fiscal 2024.” states the report. “During the disruption of business, Key Tronic continued to pay wages in accordance with statutory requirements. The Company also deployed new IT-related infrastructure and engaged cyber security experts to remediate the incident. Due to this event, the Company incurred approximately $2.3 million of additional expenses and believes that it lost approximately $15 million of revenue during the fourth quarter. Most of these orders are recoverable and are expected to be fulfilled in fiscal year 2025. Partially offsetting these additional expenses was an insurance gain in the amount of $0.7 million that was also recorded during the quarter.”

The company pointed out that most orders could to be recovered and completed by fiscal year 2025.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)