
The FBI, CISA, HHS, and MS-ISAC have issued a joint Cybersecurity Advisory about Black Basta ransomware activity as part of the #StopRansomware initiative.
Black Basta has targeted at least 12 critical infrastructure sectors, including healthcare and public health.
Black Basta is a ransomware-as-a-service (RaaS) operation that has been active since April 2022, and it has impacted several businesses and critical infrastructure entities across North America, Europe, and Australia. As of May 2024, Black Basta has impacted over 500 organizations worldwide.
In December 2023, Elliptic and Corvus Insurance published joint research revealing that the group had accumulated at least $107 million in Bitcoin ransom payments since early 2022. According to the experts, the ransomware gang has infected over 329 victims, including ABB, Capita, Dish Network, and Rheinmetall.
The researchers analyzed blockchain transactions and discovered a clear link between Black Basta and the Conti group, which discontinued its operations in 2022.
The group mainly laundered the illicit funds through the Russian crypto exchange Garantex. The largest received ransom payment was $9 million, and at least 18 of the ransoms exceeded $1 million. The average ransom payment was $1.2 million.
Most of the victims are in the manufacturing, engineering and construction, and retail sectors. 61.9% of the victims are in the US, 15.8% in Germany, and 5.9% in Canada.
The US agencies recommend critical infrastructure organizations implement several mitigations. These align with the Cross-Sector Cybersecurity Performance Goals developed by CISA and NIST, providing a minimum set of practices to protect against common threats.
Recommendations provided in the report include installing updates promptly, using phishing-resistant multi-factor authentication (MFA), securing remote access software, making backups, and applying mitigations from the #StopRansomware Guide.
Indicators of Compromise

