Wednesday, November 20, 2024

Black Basta ransomware-as-a-service brings down 50 organizations globally

Highlights

  • Prominent Threat: In just two months, the Black Basta gang has added nearly 50 victims to its list as of the publishing of this report, making it one of the most prominent ransomware gangs of recent times.
  • Targets VMware ESXi: Black Basta’s Linux variant targets VMware ESXi virtual machines (VMs) running on enterprise Linux servers.
  • High Severity: The threat level is HIGH given the destructive potential of the attacks.
  • Targeting English-Speaking countries: Black Basta specifically targets the following countries: United States, Canada, United Kingdom, Australia, and New Zealand.
  • Targeting Wide Range of Industries: Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers and more.
  • Human Operated Attack: Prior to the deployment of the ransomware, the attackers attempt to infiltrate and move laterally throughout the organization, carrying out a fully-developed RansomOps attack.

The Black Basta ransomware-as-a-service (RaaS) syndicate has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within two months of its emergence in the wild, making it a prominent threat in a short window.

“Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers, and more,” Cybereason said in a report.

Evidence indicates the ransomware strain was still in development as recently as February 2022 and only began to be used in attacks in April, after it was advertised on underground forums with an intent to buy and monetize corporate network access for a share of the profits.

Attack vectors for both Windows and Linux platforms are being utilized by the adversaries in the wild.

Black Basta wallpaper

Recommendations

  • Enable the Anti-Ransomware or Anti-Malware defenses, if possible.
    If you need help defining defenses for your infrastructure, seek help. You can reach out to our highly skilled consultants at cybermetrics.
  • Keep Systems Fully Patched: Make sure your systems are patched in order to mitigate vulnerabilities.
  • Regularly Back Up Files to a Remote Server: Restoring your files from a backup is the fastest way to regain access to your data.
  • Use Security Solutions: Protect your environment using organizational firewalls, proxies, web filtering, and mail filtering.
  • Already hit? Of course, kick off your crisis management plans, but be sure to reach out for expert help. Avoid trying to hack them back unless you know what you are up to.

References:

  1. https://www.cybereason.com/blog/cybereason-vs.-black-basta-ransomware