Black Basta ransomware group's techniques evolve, as FBI issues new warning in wake of hospital attack
Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension.
The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away ambulances "in order to ensure emergency cases are triaged immediately."
In a statement, Ascension confirmed that while its hospitals were providing healthcare, the ransomware attack meant that its electronic health records and other systems used to order tests, procedures, and medications were currently unavailable.
Now the FBI, CISA, and other US government agencies have released a joint cybersecurity advisory warning of the Black Basta ransomware that is thought to have impacted over 500 organisations globally since April 2022, including in the United States, UK, India, Canada, Australia, New Zealand, and UAE.
Black Basta, the advisory explains, has encrypted and stolen data from at least 12 of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) sector, threatening to release it unless a ransom is paid.
The updated warning comes just as news emerges that Black Basta attacks have adopted a new attack methodology with a social engineering twist.
Security researchers have uncovered that attackers are tricking targeted companies' users into downloading and installing remote access software using the following cunning technique:
- The attackers start by flooding a user's inbox with spam emails and unwanted newsletters to such an extent that their inboxes become effectively unusable.
- The attackers call the user, offering to fix the problem.
- As part of the fix, the targeted employee is duped into installing remote access software, granting the attackers full control of their computer. This gives the attackers the ability to plant malware and steal information.
What probably makes the attack particularly effective is the combined use of both email and phone calls. Many users might naturally be suspicious of emails that arrive in their inbox, but more trusting of phone calls - particularly if they refer to a problem that they really are having with their inbox (namely, a flood of unwanted email that is interrupting their ability to do their job).
In order to better safeguard your organisation against ransomware threats, consider implementing the following security measures:
- Regularly back up your data to a secure, offsite location. This ensures that you can recover your information even if your systems are compromised.
- Keep your security software up-to-date and install the latest patches for your operating systems and applications. This helps protect against known software vulnerabilities that attackers could exploit.
- Use strong, unique passwords for all your accounts and enable multi-factor authentication. This adds an extra layer of security, making it harder for attackers to gain access even if they have your password.
- Encrypt sensitive data whenever possible. This makes the data unreadable to anyone without the decryption key, even if they steal it.
- Minimise your attack surface by disabling any unnecessary services or features to reduce potential entry points for attackers.
- Educate your staff about the risks of cyberattacks and how to recognise the common tactics used by criminals. This helps raise awareness and empowers employees to make informed decisions about security.
Knowing how to respond, particularly in the first 48 hours after a cyber attack, is critical.
The best approach is to take proactive measures and have emergency plans in place because it's not a matter of if, but when, your business will suffer a ransomware attack.
Make sure to read Exponential-e's step-by-step guide on ransomware remediation.
Stay Informed
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
