Cybersecurity Advisory on Black Basta Ransomware

Authored by Brandon Kelsheimer

In a concerted effort to combat the escalating threats posed by ransomware, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), issued a critical advisory on May 10, 2024, focusing on the Black Basta ransomware. This collective initiative underscores these organizations’ commitment to fortifying defenses against sophisticated cyber adversaries.

The Black Basta ransomware operates as Ransomware-as-a-Service (RaaS), allowing affiliates to use the malware against targets. Since its discovery in April 2022, Black Basta has affected over 500 entities, including private industries and critical infrastructure sectors across North America, Europe, and Australia. The ransomware uses double extortion tactics, encrypting data and threatening to leak it unless a ransom is paid. This strategy has been effective, generating alleged profits exceeding $100 million.

The healthcare sector has been significantly targeted, demonstrating the group’s opportunistic approach towards industries with sensitive and critical data. Recent attacks have led to considerable disruptions in healthcare services, emphasizing the severe impact of such cyber incidents. CISA and its partners recommend several mitigations to help organizations strengthen their cybersecurity defenses and reduce the likelihood of a successful ransomware attack. 

The tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) associated with Black Basta can be found in the joint Cybersecurity Advisory. Organizations are encouraged to consult resources like StopRansomware.gov for further guidance on safeguarding against ransomware threats. This advisory’s release is a proactive measure aimed at raising awareness and guiding organizations on effective strategies to counter the Black Basta ransomware threat. By disseminating this information, CISA and its partners aim to educate organizations about the specific threats posed by Black Basta and reinforce the importance of robust cybersecurity practices in maintaining the integrity and security of critical systems and data.

How CLA Can Help

CLA’s cybersecurity team has years of experience performing IT risk assessments, controls reviews, and custom cybersecurity testing. Please contact us to help in assessing and mitigating your risk for a cyber-attack.

Sources: 

https://h-isac.org/black-basta-threat-actor-emerges-as-a-major-threat-to-the-healthcare-industry

https://www.cisa.gov/news-events/alerts/2024/05/10/cisa-and-partners-release-advisory-black-basta-ransomware


Javier is a principal within the Cybersecurity Services Group at CLA. Prior to joining CLA, Javier spent ten years supporting the Department of Defense as well as a financial services company in the fields of insider threat, incident response, analytics, and systems engineering.
