In the two years since its inception, Black Basta ransomware-as-a-service, through its affiliates, has compromised more than 500 organizations worldwide, authorities say.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published a joint security advisory on Black Basta, sharing valuable information about the adversaries' tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), and more to help organizations protect against the growing threat.
This has cemented its position as one of the world's most prolific ransomware threats, wreaking havoc across industries as attacks disrupt businesses and leak sensitive data onto the dark web.
Growing sophistication
According to the advisory, since April 2022, when it was first observed, Black Basta has infected more than 500 organizations worldwide. Victims include organizations in 12 of the 16 critical infrastructure sectors, including the healthcare and public health (HPH) sector.
Some of Black Basta's victims include Hyundai Europe, Capita, The American Dental Association, Yellow Pages Canada, Dish and many, many others.
Black Basta likely emerged after the fall of Conti, which had been another major ransomware player until the beginning of the Russian invasion of Ukraine.
At the time, the group publicly proclaimed its affiliation with the Kremlin regime, provoking a violent reaction among its affiliates (many of whom were Ukrainian). Shortly after, the group fragmented and one of the newly created threat actors was possibly Black Basta.
To protect against the threat, businesses should always ensure that their software and hardware are up-to-date and that their employees are aware of the dangers of phishing and social engineering. After all, Black Basta's first entry point is almost always a phishing email.
Via BleepingComputer