Black Basta: A Growing Threat
By David Finz, Alliant Cyber
Listen to the audio version:
At Alliant, we believe helping our clients manage cyber risk goes beyond the mechanics of the insurance transaction. Accordingly, we are providing you with actionable information around the Black Basta ransomware syndicate to help your organization protect its data and network from cyber threats.
What’s happening?
The Black Basta ransomware group has become a significant concern for the U.S. government, prompting the issuance of a joint Cybersecurity Advisory on May 10, 2024, entitled #StopRansomware: Black Basta. The advisory highlights the rising attacks by Black Basta, specifically targeting healthcare and critical infrastructure sectors.
Black Basta, identified in April 2022, operates as a Ransomware-as-a-Service (RaaS) model. This means the group offers its ransomware tools and techniques to affiliates who then launch attacks and extort victims for decryption. The advisory details that Black Basta affiliates have targeted over 500 organizations globally, including healthcare facilities. Their tactics involve infiltrating systems through phishing emails and exploiting known vulnerabilities. Unlike some ransomware groups, Black Basta doesn't immediately present ransom demands. Instead, they encrypt data and give victims a limited window (10-12 days) to contact them before potentially leaking stolen information.
This joint advisory by the FBI, CISA, HHS and MS-ISAC aims to empower defenders with the knowledge to combat Black Basta. It provides technical details on Black Basta's methods, including Indicators of Compromise (IOCs) and Tactics, Techniques and Procedures (TTPs). This information allows cybersecurity professionals to identify potential intrusions and implement effective mitigation strategies.
What can my company do to address this risk?
- Install software, firmware and operating system updates immediately upon their release.
- Deploy multi-factor authentication across as many endpoints in your network as practicable.
- Implement cybersecurity awareness training across your organization, with an emphasis on equipping employees to identify and report phishing attempts.
By following these recommendations and staying vigilant, organizations can significantly reduce their risk of falling victim to Black Basta and other purveyors of ransomware attacks.
What if I discover that our network or data has been compromised due to a ransomware attack? What about an attack on one of our vendors?
Should you need to report a claim for a loss arising out of a ransomware event, please contact your Alliant service team. We can assist you with providing notification to the appropriate insurers and put you in touch with qualified incident response vendors.
Please note that an attack on one of your business partners could result in lost income or extra expenses for your organization due to the resulting disruption to your operations. This is known as “dependent” or “contingent” business interruption and is covered by many cyber insurance policies, even though your organization’s network and data may not have suffered a direct attack.
To request a copy of the joint Cybersecurity Advisory, #StopRansomware: Black Basta, contact us at Alliant Cyber.
Alliant note and disclaimer: This information is designed to provide general information and guidance. Alliant does not own or operate the suggested diagnostic tools and is not responsible for the results of their use. Alliant Insurance Services disclaims any liability for any loss or damage from the information provided in this communication.
