Security News > 2024 > May > CISA: Black Basta ransomware breached over 500 orgs worldwide
CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
"Black Basta affiliates have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia," CISA said.
"The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups."
Defenders should keep operating systems, software, and firmware up-to-date, require phishing-resistant Multi-Factor Authentication for as many services as possible, and train users to recognize and report phishing attempts to mitigate Black Basta ransomware attack risks.
While the federal agencies didn't share what prompted today's advisory, Black Basta was linked this week to a suspected ransomware attack that hit the systems of healthcare giant Ascension, forcing the U.S. healthcare network to redirect ambulances to unaffected facilities.
On Friday, Health-ISAC also issued a threat bulletin warning that the Black Basta ransomware gang "Has recently accelerated attacks against the healthcare sector."
News URL
Related news
- CISA says BianLian ransomware now focuses only on data theft (source)
- BT unit took servers offline after Black Basta ransomware breach (source)
- Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)