top of page
Search
Writer's pictureAlex Sabin

Joint Advisory Issued by CISA, FBI, and HHS Regarding Black Basta Ransomware Threat to Healthcare Sector


 

In the wake of the targeting of Ascension, the largest nonprofit health system in the US, by an undisclosed threat actor, the Cybersecurity and Information Security Agency (CISA), Federal Bureau of Investigation (FBI), and Department of Health and Human Services (HHS) have released a joint advisory warning about the ever-growing threat posed by Black Basta.


A prolific Ransomware as a Service (RaaS) group, Black Basta has targeted over 500 US-based entities since its emergence on the cyber scene in April 2022. While Black Basta has historically targeted a wide range of critical infrastructure sectors, the group has increased its attacks against healthcare in recent months.


While Black Basta uses common initial access methods such as phishing, it employs a unique communication method by providing each victim with a specific code that can be used to contact the threat group. Black Basta has been noted for using a double extortion method, attempting to force organizations to pay to restore encrypted systems and also charging organizations to prevent the release of exfiltrated data.


With increased pressure from law enforcement on major threat actors such as LockBit and Black Cat, Black Basta is just one of many groups rising to the spotlight. With so many new actors on the scene, organizations are urged to ensure that all systems are appropriately patched, users are educated on the dangers of phishing, and a robust incident response plan is in place.


As threat actors continue to diversify their means and methods, stay proactive and stay safe!


Relevance:


  • Active in the wild with increasing attack frequency


Recommendations:

 

  • Proactive patching of endpoints 

  • User awareness training


References:


 

How can CyberForce|Q services help you address this risk?


Incident Response is a time-based situation and CyberForce|Q can assist with a potential incident in your environment. Our experienced Incident Response Team can be deployed 24x7x365 – reach out to solutions@cyberforceq.com.


Learn more about CyberForce|Q.




19 views0 comments

Comments


bottom of page