Ransomware victim disclosure

bnext.nl

Claimed by blackbasta · listed 1 year ago

500 GB

Data size

17m

Age

since listed · data leaked

Status timeline

Listed
Jan 11, 2025
Data leaked

At a glance

Group: blackbasta
Status: Data leaked
Country: Netherlands
Sector: Technology
Listed on leak site: Jan 11, 2025
Data size: 500 GB

About the victim

AI dossier — public-source company profile

Bnext is a Dutch waste management and recycling company established in 1992, specializing in construction and demolition waste processing. Operating 90 locations across the Netherlands, the company processes approximately 1.6 million tonnes of waste streams annually and provides tailored waste solutions to various sectors including hospitality, retail, real estate, and construction.

Industry: Waste Management & Recycling
Address: Ankerweg 16, 1041 AT Amsterdam, Netherlands
Founded: 1992

Attack summary

Severity: high — Confirmed exfiltration and publication of 500 GB of data including financial records, employee PII, and confidential business information from an established operating company.

BlackBasta claims to have exfiltrated approximately 500 GB of data from Bnext, including financial records, accounting data, contracts, confidential business information, employee personal data, and project files. The group has published the data.

high

Data the group says was taken

AI dossier — extracted from the leak post

Financial data
Accounting records
Contracts
Confidential business data
Employee personal data
Project data

What the group claims

Bnext.nl is a Dutch company specializing in sustainable waste management and recycling, particularly in the construction and demolition sectors. Established in 1992, Bnext has evolved from a supporting agency in demolition and infrastructure to a significant player in the recycling of construction materials and the processing of industrial waste.SITE: www.Bnext.nlADDRESS: Ankerweg 16 1041 AT Amsterdam NetherlandsTEL#: +31 (0) 88 260 01 12ALL DATA SIZE: ≈500gb+ 1. Financial data, Accounting 2. Contracts, Confidential data 3. Personal employees data 4. Projects data & etc…

Sources

Victim sitebnext.nl
Leak posthttp://stniiomyjliimcgkvdszvgen3eaaoz55hreqqx6o77yvmpwt7gklffqd.onion/?id=bnext.nl

Source

Indexed 1 year ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About blackbasta

Black Basta is a financially motivated ransomware group that emerged in April 2022 and has rapidly established itself as a significant threat actor, compromising over 500 organizations globally within its first two years of operation. The group is suspected to have ties to Russia-based cybercriminal networks and operates as a Ransomware-as-a-Service (RaaS) model, recruiting affiliates to conduct attacks while the core group maintains the ransomware infrastructure and negotiates with victims. Black Basta primarily gains initial access through phishing campaigns, exploitation of unpatched vulnerabilities, and compromised Remote Desktop Protocol (RDP) credentials, then deploys custom tools and living-off-the-land techniques to move laterally through networks before deploying their ransomware payload that uses ChaCha20 encryption. The group employs double extortion tactics, stealing sensitive data before encryption and threatening to publish it on their leak site if ransom demands are not met. Notable campaigns include attacks on major manufacturing companies, healthcare organizations, and critical infrastructure entities primarily across the United States, United Kingdom, Germany, Canada, and Italy, with the group showing particular focus on business services, manufacturing, technology, agriculture and food production, and transportation/logistics sectors. As of 2024, Black Basta remains active and continues to evolve its tactics, techniques, and procedures while maintaining a steady pace of victim recruitment and ransom collection operations. The group has been linked to 523 public disclosures across our corpus. First observed on a leak site on April 26, 2022; most recent post January 11, 2025. The operation is currently inactive.

Timeline of this disclosure

January 11, 2025bnext.nl listed by blackbastaon the group's public leak site

Data size: 500 GB

Other recent disclosures by blackbasta

blackbasta has been linked to 523 public victims on Darkfield. A sample of the most recent: