Case Study: Large Telecom Provider restores operations and contains Black Basta ransomware with Palo Alto Networks Unit 42

Telecom Provider Contains Black Basta Attack and Restores Operations

Large Telecom Provider was hit by a severe Black Basta ransomware attack that encrypted files across tens of thousands of systems, exfiltrated sensitive data, and disrupted 50% of business operations. The company called Palo Alto Networks’ Unit 42 to assess the breach, contain the threat, negotiate the ransom, and help restore operations, using services including incident response, threat hunting, and forensic investigation.

Palo Alto Networks’ Unit 42 identified the attack vector, traced the intrusion to a QBot phishing email, and deployed Cortex XDR, Xpanse, NGFW firewalls, and Prisma Access to contain and monitor the environment. The team negotiated an 80% reduction in the ransom demand, restored critical operations within 2 days, determined the attack vector in 3 days, and later expanded protection across 30K+ endpoints with 24/7 monitoring to strengthen long-term defenses.