CISA: Black Basta ransomware breached over 500 orgs worldwide

May 13, 2024 at 10:19AM CISA and FBI reported that Black Basta ransomware affiliates breached over 500 organizations, encrypting and stealing data from critical infrastructure sectors. The gang targeted private industry and healthcare organizations in North America, Europe, and Australia. The advisory also includes tactics for defenders to mitigate ransomware risks, particularly for healthcare organizations. …

Black Basta Ransomware Hit Over 500 Organizations

May 13, 2024 at 07:36AM The Black Basta ransomware group has targeted over 500 organizations globally, impacting critical infrastructure in North America, Europe, and Australia. Operating under a Ransomware-as-a-Service (RaaS) model, the group has earned over $100 million in ransom payments. Cyber-attacks are conducted through phishing, exploiting vulnerabilities, and deploying ransomware. Mitigations are recommended by …

Black Basta Ransomware Strikes 500+ Entities Across North America, Europe, and Australia

May 13, 2024 at 06:22AM Black Basta ransomware has targeted over 500 entities in North America, Europe, and Australia since April 2022. Affiliates utilize common access techniques and a double-extortion model, without initial ransom demands. The group is linked to 28 of 373 ransomware attacks in April 2024 and increased activity in Q1 2024. The …

Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities

February 27, 2024 at 03:10AM The blog post details recent vulnerabilities in ConnectWise ScreenConnect—CVE-2024-1708 and CVE-2024-1709—exploited by threat actor groups like Black Basta and Bl00dy Ransomware gangs. It highlights the technical and operational aspects of the vulnerabilities and provides indicators of compromise for detection and mitigation.

Willis Lease Finance Corp Discloses Cyberattack

February 13, 2024 at 09:57AM Aircraft parts dealer Willis Lease Finance Corporation (WLFC) reported a cyberattack to the US Securities and Exchange Commission, detected on January 31. The company contained the incident by February 2 and is investigating the scope and impact of the attack. The Black Basta ransomware gang claims responsibility and threatens to …

New macOS Backdoor Linked to Prominent Ransomware Groups

February 9, 2024 at 04:09PM Bitdefender reports the discovery of the macOS backdoor RustDoor, linked to ransomware families Black Basta and Alphv/BlackCat. The malware supports Intel and Arm architectures and has been undetected since November 2023. It harvests and exfiltrates files, generates victim IDs, and has variants with different functionalities, including impersonating applications. From the …

Hyundai Motor Europe hit by Black Basta ransomware attack

February 8, 2024 at 03:21PM Hyundai Motor Europe experienced a Black Basta ransomware attack, potentially compromising three terabytes of data. Initially reported as IT issues, Hyundai later confirmed the cyberattack, involving unauthorized network access. The attack affected various company departments, and it is linked to Black Basta, known for double-extortion attacks and ties to the …

Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign

January 12, 2024 at 12:11AM Pikabot malware, associated with the Water Curupira intrusion set, was used in phishing campaigns through 2023. Similar to Qakbot, it consists of a loader and core module enabling unauthorized access. The campaigns targeted victims via spam emails with malicious attachments, evolving to include a PDF file delivery method. Organizations are …

The Week in Ransomware – January 5th 2024 – Secret decryptors

January 5, 2024 at 05:23PM Summary:
– BleepingComputer tested a new decryptor for Black Basta ransomware.
– Xerox Business Solutions suffered a cyberattack, possibly exposing personal information.
– Australia’s Court Services Victoria suffered a ransomware attack, potentially exposing sensitive recordings.
– The Zeppelin2 ransomware source code and builder were sold on a hacking forum.
– …

Free Decryptor Released for Black Basta Ransomware

January 2, 2024 at 11:18AM SRLabs released a decryptor to assist victims of the Black Basta ransomware in recovering their files for free. The ransomware, linked to the Conti group, has been responsible for numerous high-profile attacks. SRLabs identified a flaw in the encryption algorithm, enabling them to create a tool for partial file recovery. …