October 25, 2024 at 05:12PM Black Basta ransomware has shifted its social engineering tactics to Microsoft Teams, impersonating IT help desks to exploit employees. After inundating inboxes with emails, attackers contact users directly via Teams. Their goal is to trick employees into installing remote access tools, risking corporate networks. Organizations are advised to restrict external … Read more
October 25, 2024 at 04:57PM Black Basta ransomware is evolving, using Microsoft Teams for social engineering attacks by impersonating IT help desk personnel. Attackers overwhelm employees’ inboxes, then contact them via Teams to gain remote access and install malicious payloads, ultimately deploying ransomware. Organizations are advised to restrict external communication in Teams and enable logging. … Read more
August 5, 2024 at 03:30AM Keytronic, an electronics manufacturing services firm, suffered a ransomware attack resulting in over $17 million in additional expenses and lost revenue. The cyberattack led to $2.3 million in expenses, $15 million in revenue loss, and a two-week suspension of operations. The incident was attributed to the Black Basta ransomware group, … Read more
August 1, 2024 at 03:39PM The Black Basta ransomware group has evolved its tactics by using custom tools and new initial access techniques after the takedown of the Qakbot botnet. This shift has enabled the group to continue flourishing in cybercriminal operations, with the development of custom malware like SilentNight, Cogscan, and Knotrock, posing a … Read more
June 13, 2024 at 05:57PM Ascension, a large U.S. healthcare system, disclosed that a ransomware attack in May 2024 was caused by an employee’s unintentional download of a malicious file. The attack affected patient records and led to offline devices. While investigation is ongoing, evidence shows stolen data may include Protected Health Information. The attack … Read more
June 12, 2024 at 12:45PM Symantec reported that a ransomware group possibly exploited a patched Windows privilege escalation vulnerability before Microsoft’s fix. The flaw, tracked as CVE-2024-26169, could allow attackers to obtain System privileges. Symantec found evidence suggesting the Black Basta ransomware group exploited this vulnerability as a zero-day, hitting over 500 organizations globally. Summary … Read more
June 12, 2024 at 08:10AM The Black Basta ransomware operation exploited a Windows privilege escalation vulnerability (CVE-2024-26169) as a zero-day before a fix was available. Microsoft patched it on March 12, 2024. Symantec’s report links the exploit to Black Basta, with indications of its usage as a zero-day. This highlights the need to apply the … Read more
June 12, 2024 at 07:39AM Symantec reports that threat actors using Black Basta ransomware exploited a privilege escalation flaw in Microsoft’s Windows Error Reporting Service as a zero-day, patched in March 2024. Symantec’s observation points to attempts to exploit the vulnerability in an unsuccessful ransomware attack. It also highlights the emergence of a new ransomware … Read more
May 17, 2024 at 05:35PM Summary: – Black Basta ransomware operation breached over 500 organizations worldwide from April 2022 to May 2024, causing disruption at Ascension Healthcare. – Inc Ransomware attempted to sell its source code for $300,000, while Phorpiex botnet conducted LockBit Black ransomware campaigns. – MediSecure in Australia suffered a large-scale ransomware data … Read more
May 13, 2024 at 05:18PM Summary: Despite a history of targeted attacks, the Black Basta cybercriminal group has adopted a new strategy of bombarding victims with spam emails and offering fake customer support to trick them into downloading malware. Rapid7 researchers warn organizations to be vigilant and take measures to block unauthorized remote monitoring and … Read more