May 13, 2024 at 07:36AM
The Black Basta ransomware group has targeted over 500 organizations globally, impacting critical infrastructure in North America, Europe, and Australia. Operating under a Ransomware-as-a-Service (RaaS) model, the group has earned over $100 million in ransom payments. Cyber-attacks are conducted through phishing, exploiting vulnerabilities, and deploying ransomware. Mitigations are recommended by government agencies and a free decryptor has been released to aid victims.
Summary of Meeting Notes:
– The Black Basta ransomware group has targeted over 500 organizations globally, including critical infrastructure entities in North America, Europe, and Australia.
– They operate under a ransomware-as-a-service (RaaS) model, with affiliates conducting cyberattacks and collecting a share of the ransom payment.
– Black Basta affiliates have received over $100 million in ransom payments from at least 90 victim organizations.
– They have targeted 12 out of 16 critical infrastructure sectors, including healthcare organizations, using tactics such as phishing and exploiting known vulnerabilities.
– The attackers deploy various tools for remote access, network scanning, privilege escalation, and data exfiltration after compromising a victim’s network.
– The group has been observed exploiting vulnerabilities for privilege escalation, abusing Remote Desktop Protocol (RDP) for lateral movement, and disabling endpoint detection and response (EDR) solutions.
– After exfiltrating data, the attackers delete volume shadow copies, encrypt compromised systems, and drop a ransom note.
– A new alert from CISA, FBI, HHS, and MS-ISAC provides details on the tactics used by Black Basta affiliates, indicators of compromise (IoCs), and recommended mitigations, especially for healthcare organizations and critical infrastructure entities.
– A free decryptor has been released by SRLabs to help Black Basta victims recover their data without paying a ransom.