Introduction

A ransomware group called Black Basta continues its reign of terror against organizations in the healthcare, manufacturing and technology sectors. The group has already claimed responsibility for several high-profile attacks, including an attack on a major US healthcare provider that resulted in the theft of patient data.

Ransomware has always been a huge issue online, and groups like this aren’t helping to slow down the epidemic.

What You Should Know About Ransomware

Why is this such a big deal?

Ransomware is one of the most dangerous cyber threats currently out there. If you’re not prepared to recognize traps and respond to an attack, then you could lose more than just your money; you’ll be risking confidential data, too.

It’s important to understand that most ransomware threat actors will never return your stolen files. Most will take the money and data and run. Others will charge a second, double-extortion fee in exchange for not leaking copies of what they saw to the public. That’s exactly what Black Basta does.

The lesson here is to never pay the ransom. If you do find out that one of your devices has been infected, IMMEDIATELY kick-start your incident response plan.

Who is Black Basta?

The group at fault is both a ransomware perpetrator and a Ransomware-as-a-Service (RaaS) purveyor. That means they don’t just attack organizations; they also sell the malicious code used to commit their international crimes. Since they first came onto the scene in April 2022, Black Basta has become one of the most prominent international ransomware threat groups. Their victim pool comprises healthcare organizations in the private and public sectors, so even groups like the American Dental Association aren’t safe from their attacks.

Although they appear to have originated in Russia, Black Basta has targeted victims in the US, Canada, the UK, Australia, New Zealand and Japan.

Personal health information (PHI) is highly protected and highly valuable. By launching a malware campaign against particular organizations that hold lucrative information like PHI, the group can make more money from the stolen data.

Once Black Basta ransomware is installed on a victim’s system, it encrypts the victim’s files and demands a ransom payment in exchange for the decryption key. The average ransom demand ranges from $100,000 to $500,000. The ransomware not only encrypts sensitive files but also uses DNS tampering to lock out the authorized user.

Conclusion

Black Basta is still out there, selling their RaaS and executing their malicious attacks around the globe. The more you know about what threats are waiting in cyberspace, the better you can recognize and respond to these attacks when they occur in real life.

Ransomware is no joke. 1.7M attacks happen every day. Do you know what your organization recommends you do next if you find a suspicious or ominous message popping up on your screen? If not, now is a great time to brush up on ransomware defense before you really need it. You don’t want to be in the middle of trouble when you realize you’ve forgotten whom to notify first!

Black Basta is just one of the many cyber-threat actors out there in the world. Be careful and treat the sensitive data that you handle with the attention and security that you’d want for your own PII.
