black basta (7)

12539040659?profile=RESIZE_400xUS Cyber authorities are releasing this joint CSA to provide information on Black Basta, a ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure  sectors, including the Healthcare and Public Health (HPH) Sector.  This joint CSA provides TTPs and IOCs obtained from FBI investigations and third-party reporting.

Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022.  Black Basta affiliate

12150964496?profile=RESIZE_400xWith half of 2023 over, ransomware gangs have operated at a near-record profit, extorting more than $449 million from victims, according to blockchain research firm Chainalysis.  The figure likely pales in comparison to the actual totals because the research only looks at cryptocurrency wallets being monitored by the firm.  If the trends continue, ransomware groups are on pace to bring in nearly $900 million in 2023, only $40 million behind the peak of $939.9 million seen in 2021.

Chainalysis re

12128290467?profile=RESIZE_400xBlack Basta ransomware has made headlines for allegedly compromising high-profile European and North American organizations across a variety of industries, such as outsourcing, technology, and manufacturing.  The history of Black Basta ransomware dates to at least April 2022, with a professional organizations company in the United States being one of its first victims. Since then, Black Basta has slowly expanded their operations, with the group allegedly compromising and stealing data from a US

11035554682?profile=RESIZE_400xA new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to nefarious use by the now-defunct Conti ransomware gang members, indicating collaboration between the two crews.  The malware, named Domino, is primarily designed to facilitate follow-on exploitation of compromised systems, including delivering a lesser-known information stealer that has been advertised for sale on the dark web since December 2021.

Former TrickBot/Conti syndicate me

10601683276?profile=RESIZE_400xThe Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the US, Canada, the UK, Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window.  "Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more," Cybereason said in a repo

10484495258?profile=RESIZE_400xActivity Summary - Week Ending on 13 May 2022:

  • Red Sky Alliance identified 35,648 connections from new IP’s checking in with our Sinkholes
  • MS in Sydney Australia hit 134x
  • Analysts identified 1,442 new IP addresses participating in various Botnets
  • Black Basta
  • Stonefly APT
  • Magnus & Grim
  • Exploits in Ransomware used to Block Encryption
  • Risk-Based Cyber Security in the UK
  • Passwords
  • Ransomware Evolution

Link to full report: IR-22-133-001_weekly133.pdf

10464408487?profile=RESIZE_400xBlack Basta, a new ransomware group, has made their presence felt by claiming responsibility for twelve ransomware attacks in the month of April.   Black Basta, like many other ransomware operations, uses double-extortion tactics, stealing victim data before encrypting systems to leverage payment.  The group then uses their Tor site and slowly leaks victim data, applying pressure to victims to pay the ransom for the decryption key.  Notable targets from the first stretch of attacks include the A