CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
In a joint report published in collaboration with the Department of Health and Human Services and the Multi-State Information Sharing and Analysis Center, the two federal agencies added that the gang also encrypted and stole data from at least 12 out of 16 critical infrastructure sectors.
Black Basta emerged as a Ransomware-as-a-Service operation in April 2022.
Its affiliates have since breached many high-profile victims, including German defense contractor Rheinmetall, Hyundai's European division, U.K. technology outsourcing company Capita, industrial automation company and government contractor ABB, the Toronto Public Library, the American Dental Association, Sobeys, Knauf, and Yellow Pages Canada.
After the Conti cybercrime syndicate shut down in June 2022 following a series of embarrassing data breaches, it split into multiple groups, with one of these factions believed to be Black Basta.
According to Elliptic and Corvus Insurance research, this Russian-linked ransomware gang has also raked in at least $100 million in ransom payments from more than 90 victims up until November 2023.
The joint advisory also provides defenders with the tactics, techniques, and procedures and the indicators of compromise used by Black Basta affiliates and identified during FBI investigations.
To mitigate the risk of Black Basta ransomware attacks, defenders should keep operating systems, software, and firmware up to date, require phishing-resistant multi-factor authentication for as many services as possible, and train users to recognize and report phishing attempts.
They should also secure remote access software by applying CISA-recommended mitigations, back up device configurations and critical systems as often as possible to enable faster repairs and restoration, and implement the mitigations shared in the StopRansomware Guide.
The agencies specifically highlighted the increased risks healthcare organizations are facing from this ransomware operation and urged them to ensure that these recommended mitigations are applied to block potential attacks.
While the federal agencies didn't share what prompted today's advisory, Black Basta was linked this week to a suspected ransomware attack that hit the systems of healthcare giant Ascension, forcing the U.S. healthcare network to redirect ambulances to unaffected facilities.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 13 May 2024 00:44:05 +0000