Cyber Defense Advisors

Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack

Sales: 0845 470 4001 | Support: 0845 230 6001 | Contact Form | NPS

524 Hits

Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension.

The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away ambulances “in order to ensure emergency cases are triaged immediately.”

In a statement, Ascension confirmed that while its hospitals were providing healthcare, the ransomware attack meant that its electronic health records and other systems used to order tests, procedures, and medications were currently unavailable.

Now the FBI, CISA, and other US government agencies have released a joint cybersecurity advisory warning of the Black Basta ransomware that is thought to have impacted over 500 organisations globally since April 2022, including in the United States, UK, India, Canada, Australia, New Zealand, and UAE.

Black Basta, the advisory explains, has encrypted and stolen data from at least 12 of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) sector, threatening to release it unless a ransom is paid.


The updated warning comes just as news emerges that Black Basta attacks have adopted a new attack methodology with a social engineering twist.

Security researchers have uncovered that attackers are tricking targeted companies’ users into downloading and installing remote access software using the following cunning technique: 

The attackers start by flooding a user’s inbox with spam emails and unwanted newsletters to such an extent that their inboxes become effectively unusable. The attackers call the user, offering to fix the problem. As part of the fix, the targeted employee is duped into installing remote access software, granting the attackers full control of their computer. This gives the attackers the ability to plant malware and steal information.

What probably makes the attack particularly effective is the combined use of both email and phone calls. Many users might naturally be suspicious of emails that arrive in their inbox, but more trusting of phone calls – particularly if they refer to a problem that they really are having with their inbox (namely, a flood of unwanted email that is interrupting their ability to do their job).

In order to better safeguard your organisation against ransomware threats, consider implementing the following security measures:

Regularly back up your data to a secure, offsite location. This ensures that you can recover your information even if your systems are compromised.Keep your security software up-to-date and install the latest patches for your operating systems and applications. This helps protect against known software vulnerabilities that attackers could exploit.Use strong, unique passwords for all your accounts and enable multi-factor authentication. This adds an extra layer of security, making it harder for attackers to gain access even if they have your password.
Encrypt sensitive data whenever possible. This makes the data unreadable to anyone without the decryption key, even if they steal it.Minimise your attack surface by disabling any unnecessary services or features to reduce potential entry points for attackers.Educate your staff about the risks of cyberattacks and how to recognise the common tactics used by criminals. This helps raise awareness and empowers employees to make informed decisions about security.

Knowing how to respond, particularly in the first 48 hours after a cyber attack, is critical.

The best approach is to take proactive measures and have emergency plans in place because it’s not a matter of if, but when, your business will suffer a ransomware attack.

Make sure to read Exponential-e’s step-by-step guide on ransomware remediation.



Graham Cluley

Graham Cluley is an award-winning cybersecurity public speaker, podcaster, blogger, and analyst. He has been a well-known figure in the cybersecurity industry since the early 1990s when he worked as a programmer, writing the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows.

Since then he has been employed in senior roles by computer security companies such as Sophos and McAfee.

Graham Cluley has given talks about cybersecurity for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the “10 Greatest Britons in IT History” for his contribution as a leading authority in internet security.

More posts from author


Thursday, 09 May 2024
$10 million reward offer for apprehension of unmasked LockBit ransomware leader


Thursday, 18 April 2024
3.5 million Omni Hotel guest details held to ransom by Daixin Team


Wednesday, 03 April 2024
What makes a ransomware attack eight times as costly? Compromised backups

 

Related Post

  • by
  • November 26, 2024

CISA Urges Agencies to Patch Critical “Array Networks”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG

Cyber News
  • by
  • November 25, 2024

FlipaClip animation app data breach exposes details of

Graham CLULEY November 25, 2024 Promo Protect all your devices, without slowing them down. Free 30-day trial Flipaclip, an animation

Cyber News
  • by
  • November 25, 2024

Google’s New Restore Credentials Tool Simplifies App Login

Google has introduced a new feature called Restore Credentials to help users restore their account access to third-party apps securely

Cyber News
  • by
  • November 25, 2024

PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys

The administrators of the Python Package Index (PyPI) repository have quarantined the package “aiocpa” following a new update that included

Cyber News