Black Basta Ransomware on the Rise

05/17/24

Black Basta is a ransomware-as-a-service operation whose first variants were discovered in April 2022. The Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Health and Human Services and Multi-State Information Sharing and Analysis Center have issued a joint cybersecurity advisory warning that this ransomware is on the rise.

Black Basta affiliates have reportedly impacted more than five hundred organizations globally, including in the U.S., Canada, Japan, the U.K., Australia and New Zealand. The joint cybersecurity advisory reports stolen data from at least 12 of the 16 critical infrastructure sectors.

Black Basta affiliates employ common techniques to compromise their target’s network, including phishing, exploiting known vulnerabilities, or purchasing valid credentials from Initial Access Brokers. The ransomware is deployed on systems via the infamous QakBot. Once the network is penetrated, the affiliates use a variety of tools to move laterally through the targeted network to steal sensitive information, and then go for the jugular with the double-extortion model.

Every infected system receives a ransom note containing a unique identifier the organization needs to use to contact the cybercriminals via a Tor link. They start an actual countdown timer, and once time expires, the stolen data is shared.

Like with every other ransomware strain that threatens us, there are some steps your organization can take to help protect against Black Basta and the other ransomware and malware threats out there today, including:

  • Keep all operating systems, software and firmware updated and patched.
  • Require multi-factor authentication on as many services as possible.
  • Awareness is crucial for all users. Train them to recognize and report phishing attempts.
  • Exercise caution with remote access software and the security patterns and monitoring around it.
  • Apply a zero-trust policy EVERYWHERE! Where zero-trust is not actually possible, apply the principle of least privilege.
  • Regularly audit Active Directory for inactive or obsolete accounts.
  • Have safeguards against mass scripting in place, including mass-scripting alerts and script approval processes.
  • Make sure backups of all critical systems and device configurations are taken frequently.
  • Deploy modern anti-malware software.
  • Exercise, test and validate your organization’s security programs against some of the most crucial threats on the market.
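The Active Directory audit in the list above is the one step that is easy to script. The following PowerShell is an added example, not code from the original post or from the advisory; it assumes the RSAT ActiveDirectory module, a domain-joined session with read access to the directory, and a 90-day inactivity threshold chosen here as an assumed policy value.

```powershell
# Added example (not from the original post): audit Active Directory for
# enabled accounts that have been inactive for more than a chosen period.
# Assumes the RSAT ActiveDirectory module; the 90-day threshold is an assumption.
Import-Module ActiveDirectory

$InactiveDays = 90
$Cutoff = (Get-Date).AddDays(-$InactiveDays)

# LastLogonDate is derived from the replicated lastLogonTimestamp attribute,
# which is only updated about every 14 days, so treat it as approximate.
# An account with no LastLogonDate at all is stale only if it was created
# before the cutoff; brand-new accounts are expected to have none yet.
$Stale = @(Get-ADUser -Filter { Enabled -eq $true } -Properties LastLogonDate, whenCreated, PasswordLastSet |
    Where-Object {
        ($null -eq $_.LastLogonDate -and $_.whenCreated -lt $Cutoff) -or
        ($null -ne $_.LastLogonDate -and $_.LastLogonDate -lt $Cutoff)
    } |
    Select-Object SamAccountName, DistinguishedName, LastLogonDate, PasswordLastSet, whenCreated)

# Write a report for human review before any account is touched.
$Stale | Sort-Object LastLogonDate | Export-Csv -Path .\stale-ad-accounts.csv -NoTypeInformation
"Found $($Stale.Count) enabled accounts inactive for more than $InactiveDays days."

# Remediation as a dry run: -WhatIf only prints what would be disabled.
# Remove -WhatIf once the list has been reviewed and legitimate exceptions
# (service accounts, staff on long leave) have been excluded.
$Stale | ForEach-Object { Disable-ADAccount -Identity $_.DistinguishedName -WhatIf }
```

Run it on a schedule and compare the CSV against the previous run; an account that stops being stale without a known owner returning is worth a closer look, since accounts reactivated quietly are exactly what the audit is meant to catch. The same query can be written with `Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly`, but the explicit filter above makes the never-logged-on case visible instead of hiding it.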

New malware strains like Black Basta will continue to be introduced in the wild; I am not sure we will ever know the name of every threat our businesses are currently facing. Stay diligent. Stay alert.
