Posts

Showing posts with the label Black Basta

CISA Issues Advisory on Black Basta Ransomware

 On May 10, 2024, CISA, along with the FBI, HHS, and MS-ISAC, issued a joint  Cybersecurity Advisory relating to Black Basta ransomware affiliates "that have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia. Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. Black Basta uses double extortion tactics, encrypts data and threatens to leak it and has links to Conti and FIN7 threat actors. The  Black Basta Advisory  provides information on how the threat actors gain initial access to victim's systems, which primarily use spear phishing tactics. The Advisory lists indicators of compromise, file indicators, and suspected domains used by Black Basta.  This can be helpful for IT professionals to compare against company systems.  Mitigations listed by the Advisory include current patching, MFA, training, securing remote access sof...