Focus On Black Basta Ransomware

Uploaded on 2024-05-20 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

The Black Basta ransomware-as-a-service (RaaS) operation has targeted more than 500 private industry and critical infrastructure entities in North America, Europe, and Australia since its emergence in 2022. Its affiliates have targeted over 500 private industry and critical infrastructure entities, including healthcare organisations, in North America, Europe, and Australia.

Now, the US Cyber Defense Agency, Cybersecurity & Infrastructure Security Agency (CISA) the FBI and other agencies are encouraging organisations to review and implement the mitigations provided in a joint Cyber Security Advisory to reduce the likelihood and impact of Black Basta and other ransomware incidents.

Ransomware is a type of malware designed to encrypt files on a device, rendering them and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.  The CISA Advsisory aims to provide cyber security defenders with tactics, techniques, and procedures (TTPs) used by known Black Basta ransomware affiliates and identified through FBI investigations and third-party reporting. 

Current investigations indicate that Black Basta is a Russian-speaking group and in the Russian language the term is slang for  'stop', 'that's enough', or 'I quit'. 

Over time, malicious actors have adjusted their ransomware tactics to be more destructive and impactful and have also exfiltrated victim data and pressured victims to pay by threatening to release the stolen data. The application of both tactics is known as “double extortion.” In some cases, malicious actors may exfiltrate data and threaten to release it as their sole form of extortion without employing ransomware. 

Like most cybercriminals, Black Basta is primarily financially motivated and the group is known to demand large sums in ransom - sometimes millions of dollars. Operators in the group have focused their interest in specifically targeting English-speaking  countries, which might possibly suggest a political motive for their criminal exploits.  

CISA   |   CISA   |   Hacker News   |   US Dept. Health & Human Services   |

Image:  Ideogram

You Might Also Read: 

Quadruple Extortion Ransomware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« A Critical Vulnerability In The Post-PSTIA Era 
Cloud Threats Require New Advanced Defenses »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

AppRiver

AppRiver

AppRiver is a global provider of cloud-based email and web security solutions that protect businesses worldwide from today's ever-changing online threats.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

Original Software

Original Software

Original Software offers a test automation solution focused completely on the goal of effective software quality management.

Finnish Accreditation Service (FINAS)

Finnish Accreditation Service (FINAS)

FINAS is the national accreditation body for Finland. The directory of members provides details of organisations offering certification services for ISO 27001.

Security Engineered Machinery (SEM)

Security Engineered Machinery (SEM)

SEM provides comprehensive end-of-life solutions for the protection of sensitive information in government and commercial markets.

Lexsynergy

Lexsynergy

Lexsynergy is a global domain name management and online brand protection company.

SAST

SAST

SAST provide Static Application Security Testing as a service based on SAST Tools.

Tracepoint

Tracepoint

Tracepoint provide full-service cyber incident response, remediation and recovery solutions for the most time-sensitive situation your company may ever face.

TWC IT Solutions

TWC IT Solutions

Since 2011, TWC IT Solutions has offered managed IT Support, Cybersecurity, Disaster Recovery, Contact Centre and Business Connectivity services to clients across 24 countries globally.

Assure IT

Assure IT

Assure IT is a Singapore company specialising in technology governance, risk and compliance.

Pristine InfoSolutions

Pristine InfoSolutions

Pristine InfoSolutions is a global IT services and Information Security Company focused on delivering smart, next-generation business solutions.

RMC

RMC

RMC was purpose-built for Mission Assurance and ICS/OT cybersecurity, dedicated to strengthening and protecting government and commercial assets.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

Aembit

Aembit

Aembit is the Identity Platform that lets DevOps and Security manage, enforce, and audit access between federated workloads

Click Studios

Click Studios

Click Studios is an Agile software development company specialising in the development of a secure Enterprise Password Management solution called Passwordstate.

Quantum Knight

Quantum Knight

Quantum Knight is the most performant commercial-grade embeddable cryptography. Lock down any resource from any location or device. Take control of your data now.