CISA releases advisory on Black Basta ransomware that targeted 500 industries, including the recent Ascension attack

The healthcare sector remains the prime target of threat actors


CISA, in collaboration with the FBI (Federal Bureau of Investigation), HHS (Department of Health and Human Services), and MS-ISAC (Multi-State Information Sharing and Analysis Center), recently released an advisory on the Black Basta ransomware highlighting the attack details and mitigations.

According to CISA’s advisory, threat actors used Black Basta to encrypt and steal data from 12 of the 16 critical industries, including the Healthcare and Public Health (HPH) sector.

Describing Black Basta, the advisory reads:

“Black Basta is considered a ransomware-as-a-service (RaaS) variant and was first identified in April 2022. Black Basta affiliates have impacted a wide range of businesses and critical infrastructure in North America, Europe, and Australia. As of May 2024, Black Basta affiliates have impacted over 500 organizations globally.”

The advisory also delves into the modus operandi of the Black Basta affiliates. It suggests that threat actors first breach systems through known vulnerabilities, then both exfiltrate and encrypt the data, pressuring organizations to give in to their demands.

The ransom amount is not shared right away. Instead, affected organizations are instructed to contact the Black Basta affiliates through a .onion link, which is only accessible via the Tor browser. Affected parties then have 10-12 days to pay the ransom or risk having the data posted on the Black Basta Tor website.

Amongst all the industries, healthcare remains the primary target for threat actors linked to the Black Basta ransomware due to the critical information involved and the scale of disruption an attack causes, the Ascension attack being a recent example. The attack led to the non-profit diverting ambulances from hospitals, according to CNN.

Ascension didn’t share any more information about the attack but confirmed it was working alongside the FBI and CISA to ascertain the extent of the attack and identify whether any personal information was compromised.

Although the CISA advisory didn’t directly connect Black Basta affiliates with the Ascension attack, reports suggest that threat actors linked to the ransomware were responsible.

Previously, UnitedHealth Group faced a similar attack and paid $22 million to threat actors in a bid to protect users’ data. It was one of the biggest attacks in recent times, affecting a third of Americans, according to CNN.

Mitigations against Black Basta ransomware shared by CISA

The joint advisory by CISA and FBI lists a series of mitigations that will help protect systems against the Black Basta ransomware.

  • Make sure you are running the latest version of the operating system, firmware, and software.
  • Enable multi-factor authentication for all critical services.
  • If using remote access software, make sure it’s completely secure.
  • Create regular backups of critical data so you don’t lose it in case of a ransomware attack.
  • Hold training programs to apprise users about the sources of ransomware attacks, steps to limit the extent of the attacks early on, and who to report them to.

Cyber attacks have increased exponentially in recent years, primarily due to AI falling into the hands of threat actors. While Microsoft has committed to safeguarding AI from threat actors, the situation on the ground is different.

We will have to wait and see what impact CISA’s Black Basta ransomware advisory has and whether it leads to fewer attacks in the coming days.
