December 9, 2024 at 01:18PM Black Basta ransomware is evolving its tactics, utilizing social engineering and various malware like Zbot and DarkGate since October 2024. The group employs email bombing, impersonation on Microsoft Teams, and QR codes to target users. Their ultimate aim includes credential harvesting and VPN file theft for further breaches. ### Meeting … Read more
December 5, 2024 at 06:17AM BT Group confirmed an attempted attack by the Black Basta ransomware group on its BT Conferencing unit. The incident affected specific platform elements, which were quickly isolated, with no impact on live services. Black Basta claims to have stolen around 500 GB of outdated data, prompting an ongoing investigation. ### … Read more
December 5, 2024 at 05:55AM BT is investigating a ransomware attack by the Black Basta group, which claims to have stolen 500 GB of sensitive data. The group threatens to leak the data unless a ransom is paid. BT affirmed that only specific elements of its Conferencing platform were affected, and services remain operational. ### … Read more
November 25, 2024 at 05:09PM Recent analysis shows that Russian-language ransomware groups are coordinating closely, sharing tactics and malware. BlackBasta has emerged as a key player, adapting to law enforcement crackdowns. Cybersecurity experts warn of potential cooperation between BlackBasta and the Russian state, emphasizing the need for enhanced defenses against evolving social engineering attacks. ### … Read more
October 25, 2024 at 05:12PM Black Basta ransomware has shifted its social engineering tactics to Microsoft Teams, impersonating IT help desks to exploit employees. After inundating inboxes with emails, attackers contact users directly via Teams. Their goal is to trick employees into installing remote access tools, risking corporate networks. Organizations are advised to restrict external … Read more
October 25, 2024 at 04:57PM Black Basta ransomware is evolving, using Microsoft Teams for social engineering attacks by impersonating IT help desk personnel. Attackers overwhelm employees’ inboxes, then contact them via Teams to gain remote access and install malicious payloads, ultimately deploying ransomware. Organizations are advised to restrict external communication in Teams and enable logging. … Read more
August 5, 2024 at 03:30AM Keytronic, an electronics manufacturing services firm, suffered a ransomware attack resulting in over $17 million in additional expenses and lost revenue. The cyberattack led to $2.3 million in expenses, $15 million in revenue loss, and a two-week suspension of operations. The incident was attributed to the Black Basta ransomware group, … Read more
August 1, 2024 at 03:39PM The Black Basta ransomware group has evolved its tactics by using custom tools and new initial access techniques after the takedown of the Qakbot botnet. This shift has enabled the group to continue flourishing in cybercriminal operations, with the development of custom malware like SilentNight, Cogscan, and Knotrock, posing a … Read more
June 13, 2024 at 05:57PM Ascension, a large U.S. healthcare system, disclosed that a ransomware attack in May 2024 was caused by an employee’s unintentional download of a malicious file. The attack affected patient records and led to offline devices. While investigation is ongoing, evidence shows stolen data may include Protected Health Information. The attack … Read more
June 12, 2024 at 12:45PM Symantec reported that a ransomware group possibly exploited a patched Windows privilege escalation vulnerability before Microsoft’s fix. The flaw, tracked as CVE-2024-26169, could allow attackers to obtain System privileges. Symantec found evidence suggesting the Black Basta ransomware group exploited this vulnerability as a zero-day, hitting over 500 organizations globally. Summary … Read more