After the Ascension ransomware attack, government agencies warned about the Black Basta group. They said the gang is targeting healthcare and important infrastructures in the U.S.
The FBI, CISA, and HHS announced that Black Basta has attacked over 500 organizations globally from April 2022 to May 2024. They explained that the gang usually gets into organizations through phishing emails or exploiting known weaknesses. Instead of demanding ransom, they give victims a code and link to communicate. Victims typically have about 10 to 12 days to pay up before their stolen data gets published.
This warning came after CNN reported that Black Basta was behind the attack on Ascension, a nonprofit healthcare system. Ascension had to deal with severe disruptions, turning away ambulances and resorting to paper records.
Government agencies are now helping Ascension recover from the attack. HHS is in touch with Ascension’s leaders to minimize disruptions to patient care.
The warning also mentioned a bug in ConnectWise’s ScreenConnect, which Black Basta has been exploiting since February. This bug has caused concern because many managed service providers (MSPs) use this software.
The agencies emphasized that healthcare organizations are attractive targets for cybercriminals due to their size and the sensitive information they hold. They also warned about other vulnerabilities that Black Basta exploits.
Black Basta has carried out bold attacks on various organizations worldwide, making it the fourth most active ransomware strain based on the number of victims in the last year. They’ve leaked information from organizations such as the Raleigh Housing Authority, a major U.S. cable operators’ technology company, and Chile’s government.
What is BlackBasta Ransomware?
Black Basta uses targeted emails to launch attacks and pays brokers for network access. They steal passwords and move around networks, installing specific tools to control infected computers. They use complex techniques to make decryption difficult, disable antivirus when encrypting files, disrupt internet access, and target computer systems. Learn more about Black Basta here.
Do not be the next victim of Black Basta ransomware. It’s never too late to prevent the next attack.
See how PC Matic’s Zero Trust platform shuts down Black Basta Ransomware