CISA Issues Advisory on Black Basta Ransomware
On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint Cybersecurity Advisory relating to Black Basta ransomware affiliates "that have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.
Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. Black Basta uses double extortion tactics, encrypts data and threatens to leak it and has links to Conti and FIN7 threat actors.
The Black Basta Advisory provides information on how the threat actors gain initial access to victim's systems, which primarily use spear phishing tactics.
The Advisory lists indicators of compromise, file indicators, and suspected domains used by Black Basta. This can be helpful for IT professionals to compare against company systems.
Mitigations listed by the Advisory include current patching, MFA, training, securing remote access software, backups, and other mitigation techniques. This Advisory is an important read for IT professionals in all industries.
Source(s): JD Supra, received on May 17, 2024; cisa.gov, accessed on May 22, 2024.