CISA: Black Basta ransomware breached over 500 orgs worldwide

CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
In a joint report published in collaboration with the Department of Health and Human Services and the Multi-State Information Sharing and Analysis Center, the two federal agencies added that the gang also encrypted and stole data from at least 12 out of 16 critical infrastructure sectors.
Black Basta emerged as a Ransomware-as-a-Service operation in April 2022.
Its affiliates have since breached many high-profile victims, including German defense contractor Rheinmetall, Hyundai's European division, U.K. technology outsourcing company Capita, industrial automation company and government contractor ABB, the Toronto Public Library, the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada.
After the Conti cybercrime syndicate shut down in June 2022 following a series of embarrassing data breaches, it split into multiple groups, one of these factions believed to be Black Basta.
According to Elliptic and Corvus Insurance research, this Russian-linked ransomware gang has also raked in at least $100 million in ransom payments from more than 90 victims until November 2023.
The joint advisory also provides defenders tactics, techniques, and procedures and indicators of compromise used by Black Basta affiliates and identified during FBI investigations.
Defenders should keep operating systems, software, and firmware up-to-date, require phishing-resistant Multi-Factor Authentication for as many services as possible, and train users to recognize and report phishing attempts to mitigate Black Basta ransomware attack risks.
They should also secure remote access software by applying CISA-recommended mitigations, making backups of device configurations and critical systems as often as possible to enable faster repairs and restoration, and implementing mitigations shared in the StopRansomware Guide.
The agencies specifically highlighted the increased risks healthcare orgs are facing from this ransomware operation and urged them to ensure that these recommended mitigations are applied to block potential attacks.
While the federal agencies didn't share what prompted today's advisory, Black Basta was linked this week to a suspected ransomware attack that hit the systems of healthcare giant Ascension, forcing the U.S. healthcare network to redirect ambulances to unaffected facilities.
FBI: Akira ransomware raked in $42 million from 250+ victims.
Lockbit's seized site comes alive to tease new police announcements.
CISA urges software devs to weed out path traversal vulnerabilities.
CISA urges software devs to weed out SQL injection vulnerabilities.


This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 13 May 2024 00:44:05 +0000


Cyber News related to CISA: Black Basta ransomware breached over 500 orgs worldwide

More than $100 million in ransom paid to Black Basta gang over nearly 2 years - The Black Basta cybercrime gang has raked in at least $107 million in ransom payments since early 2022, according to research from blockchain security company Elliptic and Corvus Insurance. The group has infected more than 329 victim organizations ...
11 months ago Therecord.media
The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
5 months ago Bleepingcomputer.com
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
11 months ago Bleepingcomputer.com
CISA: Black Basta ransomware breached over 500 orgs worldwide - CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. In a joint report published in collaboration with the Department of Health and Human Services and the Multi-State ...
5 months ago Bleepingcomputer.com
Black Basta Buster Utilizes Ransomware Flaw to Recover Files - Security research and consulting firm SRLabs exploited a vulnerability in the encryption algorithm of a specific strain of Black Basta ransomware to develop and release a decryptor tool named Black Basta Buster. This tool, released in response to the ...
10 months ago Heimdalsecurity.com
Black Basta's ransom haul tops $100M in less than 2 years - The Black Basta ransomware gang has raked in more than $100 million from victims of its double-extortion attacks since its emergence early last year, according to researchers. The haul - which included grabbing $9 million from one victim and more ...
11 months ago Packetstormsecurity.com
New Black Basta decryptor exploits ransomware flaw to recover files - Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for ...
10 months ago Bleepingcomputer.com
New Ransomware Threat Hits Hundreds of Organisations Worldwide - Until November 2023, this group with suspected ties to Russia has accumulated ransom payments totaling a minimum of $100 million from over 90 victims. In a recent joint report by the Cybersecurity and Infrastructure Security Agency and the Federal ...
5 months ago Cysecurity.news
Windows Quick Assist abused in Black Basta ransomware attacks - Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. Microsoft has been investigating this campaign since at least mid-April 2024, ...
5 months ago Bleepingcomputer.com
'Black Basta Buster' Exploits Ransomware Bug for File Recovery - Researchers have exploited a weakness in a particular strain of the Black Basta ransomware to release a decryptor for the malware, but it doesn't recover all of the files encrypted by the prolific cybercriminal gang. Security research and consulting ...
10 months ago Darkreading.com
Learn How to Decrypt Black Basta Ransomware Attack Without Paying Ransom - Researchers have created a tool designed to exploit a vulnerability in the Black Basta ransomware, allowing victims to recover their files without succumbing to ransom demands. This decryption tool potentially provides a remedy for individuals who ...
10 months ago Cysecurity.news
Black Basta Ransomware Group Makes $100m Since 2022 - A prolific Russian-speaking ransomware group has made over $100m from dozens of victims since April 2022, new analysis has revealed. Corvus Insurance used the Elliptic Investigator blockchain forensics tool to lift the lid on the Black Basta group. ...
11 months ago Infosecurity-magazine.com
Toronto Public Library outages caused by Black Basta ransomware attack - The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. The Toronto Public Library is Canada's largest public library system, giving access to 12 million books through 100 branch libraries across ...
11 months ago Bleepingcomputer.com
Hyundai Motor Europe hit by Black Basta ransomware attack - Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. BleepingComputer first learned of the attack in early January, but when we contacted Hyundai, ...
8 months ago Bleepingcomputer.com
The Week in Ransomware - With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it ...
10 months ago Bleepingcomputer.com
Microsoft Quick Assist Tool Abused for Ransomware Delivery - Cybercriminals who have been using the Black Basta ransomware have been observed abusing the remote management tool Quick Assist in vishing attacks, Microsoft reports. Active since 2022 and believed to have hit over 500 organizations globally, Black ...
5 months ago Packetstormsecurity.com
SRLabs develops Black Basta ransomware decryptor - Researchers released a decryptor to help the numerous victims of one of 2023's most prolific double-extortion ransomware gangs, Black Basta, restore their compromised files for free. Black Basta is believed to have attacked well over 300 ...
10 months ago Packetstormsecurity.com
Botnet sent millions of emails in LockBit Black ransomware campaign - Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. As New Jersey's Cybersecurity and Communications Integration Cell warned on Friday, the attackers use ZIP ...
5 months ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
5 months ago Securityaffairs.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
10 months ago Bleepingcomputer.com
Black Basta Ransomware Victim Count Tops 500 - The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies. It claimed that Black Basta attacks have impacted more ...
5 months ago Infosecurity-magazine.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
10 months ago Bleepingcomputer.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
9 months ago Securityboulevard.com
Flaw in Black Basta Ransomware Exploited to Create Decryptor - Researchers at cybersecurity firm Security Research Labs exploited a flaw found in the algorithm of a ransomware variant used by the high-profile threat group Black Basta to develop a decryptor that can help some victims recover their encrypted ...
10 months ago Securityboulevard.com
Black Hat Europe 2023 Closes on Record-Breaking Event in London - PRESS RELEASE. LONDON, Dec. 20, 2023 - Black Hat, the cybersecurity industry's most established and in-depth security event series, today announced the successful completion of the in-person component of Black Hat Europe 2023. The event welcomed more ...
10 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)