May 13, 2024 at 10:19AM
CISA and FBI reported that Black Basta ransomware affiliates breached over 500 organizations, encrypting and stealing data from critical infrastructure sectors. The gang targeted private industry and healthcare organizations in North America, Europe, and Australia. The advisory also includes tactics for defenders to mitigate ransomware risks, particularly for healthcare organizations.
From the meeting notes, it is clear that the Black Basta ransomware affiliates have posed a significant threat to numerous organizations, particularly targeting the healthcare sector across North America, Europe, and Australia. The joint report from CISA, the FBI, and other agencies highlighted the breach of over 500 organizations, with at least 12 out of 16 critical infrastructure sectors affected. The healthcare sector has been particularly vulnerable, with the recent suspected ransomware attack on healthcare giant Ascension. The ransomware gang is believed to have emerged from the Conti cybercrime syndicate and is suspected of being linked to Russian-speaking threat groups.
The agencies have emphasized the importance of implementing specific security measures, such as keeping operating systems and software up-to-date, employing Multi-Factor Authentication (MFA), and training users to recognize and report phishing attempts. Additionally, organizations are urged to secure remote access software, make regular backups, and apply the recommended mitigations shared in the StopRansomware Guide.
The increased risks faced by healthcare organizations due to their technological dependence and access to personal health information have been specifically highlighted, with a call for all critical infrastructure organizations to apply the recommended mitigations to reduce the likelihood of compromise from Black Basta and other ransomware attacks.