Black Basta Ransomware Victim Count Tops 500
The Black Basta ransomware group and its affiliates compromised hundreds of organizations worldwide between April 2022 and May 2024, according to a new report from several US government agencies.
The Joint Cybersecurity Advisory (CSA) was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
It claimed that Black Basta attacks have impacted more than 500 organizations in North America, Europe and Australia. They led to the encryption and theft of data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.
Victim organizations over this time include UK utility Southern Water and outsourcing giant Capita, as well as the American Dental Association (ADA) and government contractor ABB.
It’s unclear how much money the group has made from its victims over the period, but a November 2023 analysis of Bitcoin transactions estimated over $100m since April 2022.
The CSA includes TTPs and IOCs obtained from FBI investigations and third-party reporting, as well as a useful list of mitigations for network defenders designed to help them improve security posture.
It recommended critical infrastructure organizations take three actions immediately to mitigate the threat of attack from Black Basta:
- Install OS, software and firmware updates as soon as they are released
- Deploy phishing-resistant multi-factor authentication (MFA) for as many services as possible
- Train users to recognize and report phishing attempts
It’s long been suspected that Black Basta is an offshoot of Conti, a prolific ransomware group which ceased operating just before Black Basta appeared. A November 2023 Bitcoin analysis from insurer Corvus highlighted significant crossover between the two groups – with both targeting manufacturing, construction/engineering, wholesale/retail, financial services, and transportation and logistics firms.
Black Basta prefers popular initial access techniques such as phishing and exploitation of known vulnerabilities, before deploying a double extortion model.