New Ransomware Threat Hits Hundreds of Organisations Worldwide

Up to November 2023, this group, which has suspected ties to Russia, had accumulated ransom payments totaling a minimum of $100 million from over 90 victims.
In a recent joint report by the Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation, a new ransomware gang named Black Basta has been identified as having breached over 500 organisations globally between April 2022 and May 2024.
This group has targeted various sectors, including healthcare, spanning across North America, Europe, and Australia.
Black Basta, which emerged as a Ransomware-as-a-Service operation in April 2022, has quickly gained notoriety by attacking numerous high-profile victims such as Rheinmetall, Hyundai, Capita, and the American Dental Association, among others.
Believed to have connections to the former Conti cybercrime syndicate, Black Basta operates with sophistication and has a steady stream of initial access to its targets.
One of the key tactics employed by Black Basta involves stealing corporate data before encrypting a company's devices.
This stolen data is then used in double-extortion attacks, where a ransom is demanded from victims to prevent the publishing of their sensitive information.
The gang's data leak site, 'Black Basta Blog' or 'Basta News,' lists victims and progressively releases data to pressure them into paying the ransom.
Technical analysis reveals that Black Basta utilises the ChaCha20 encryption algorithm to encrypt files, rendering them inaccessible without the decryption key.
Victims are left with a custom extension appended to their encrypted files, along with a ransom note providing instructions on how to negotiate with the threat actors.
In response to this spreading threat, federal agencies advise organisations to maintain up-to-date operating systems, employ phishing-resistant Multi-Factor Authentication, and train users to identify and report phishing attempts.
Securing remote access software and implementing recommended mitigations are essential steps in reducing the risks posed by Black Basta and similar ransomware attacks.
Healthcare organisations are particularly vulnerable, given their size, technological reliance, and access to sensitive patient information.
CISA and the FBI have suggested adhering to the StopRansomware Guide in order to avoid potential attacks in the healthcare sector.
Recent incidents, including an attack on healthcare giant Ascension, underscore the urgency of addressing the threat posed by Black Basta.
With the gang's ability to readily expand its victim pool and employ coercive tactics, organisations must remain vigilant and implement robust cybersecurity measures to mitigate the risk of falling victim to ransomware attacks.
In light of these events, cybersecurity experts emphasise the importance of diligent measures, including regular backups, system updates, and employee training, to strengthen defences against ransomware threats like Black Basta.
This calls for collective efforts to combat the growing menace of ransomware and protect critical infrastructure from malicious actors.


This Cyber News was published on www.cysecurity.news. Publication date: Mon, 13 May 2024 17:43:04 +0000

