May 13, 2024 at 10:19AM CISA and FBI reported that Black Basta ransomware affiliates breached over 500 organizations, encrypting and stealing data from critical infrastructure sectors. The gang targeted private industry and healthcare organizations in North America, Europe, and Australia. The advisory also includes tactics for defenders to mitigate ransomware risks, particularly for healthcare organizations. … Read more
March 1, 2024 at 08:57AM US government agencies issued a warning about ongoing Phobos ransomware attacks targeting critical infrastructure sectors. Operating since May 2019, Phobos employs a ransomware-as-a-service (RaaS) model, with tactics such as phishing emails, IP scanning, and use of remote access tools. Recommendations for mitigations and indicators of compromise are provided. From the … Read more
December 18, 2023 at 10:37AM A joint CSA from the FBI, CISA, and ASD’s ACSC provides IOCs and TTPs of the Play ransomware group impacting businesses in North and South America and Europe. The group employs a double-extortion model, encrypting systems after exfiltrating data. Recommendations include multifactor authentication, offline backups, and system updates to mitigate … Read more