In the two years since its inception, the Black Basta ransomware-as-a-service operation has, through its affiliates, compromised more than 500 organizations around the world, law enforcement claims.
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a joint security advisory on Black Basta. It shares valuable information on adversary tactics, techniques and procedures (TTPs), indicators of compromise (IOCs) and more, to help organizations protect against the growing threat.
That victim count has cemented Black Basta's position as one of the most prolific ransomware threats in the world, wreaking havoc across industries as its attacks disrupt businesses and leak sensitive data onto the dark web.
Increasing sophistication
According to the advisory, Black Basta has infected more than 500 organizations around the world since April 2022, when it was first observed. The victims include organizations in twelve of the sixteen critical infrastructure sectors, including healthcare and public health.
Black Basta victims include Hyundai Europe, Capita, The American Dental Association, Yellow Pages Canada, Dish and many, many others.
Black Basta most likely emerged after the demise of Conti, which was another major ransomware player until the beginning of the Russian invasion of Ukraine.
At the time, Conti publicly announced its ties to the Kremlin regime, causing a backlash among its affiliates (many of whom were Ukrainian). Shortly afterwards, the group disbanded, with one of the newly created threat actors possibly being Black Basta.
To protect against the threat, companies should always ensure that their software and hardware are up to date and that their employees are aware of the dangers of phishing and social engineering. After all, Black Basta’s first point of contact is almost always a phishing email.
Via BleepingComputer