
May 22, 2024 • 3 mins

In a coordinated effort to combat the growing threat of ransomware, the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory (CSA) detailing the tactics, techniques, and procedures (TTPs) of the Black Basta ransomware variant.
The advisory, published on May 10, 2024, is part of the ongoing #StopRansomware campaign, which aims to provide critical information to network defenders to help protect against ransomware attacks. Black Basta, a ransomware-as-a-service (RaaS) variant first identified in April 2022, has been targeting organizations across at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.
According to the advisory, Black Basta affiliates have impacted over 500 organizations globally as of May 2024. The threat actors employ common initial access techniques, such as phishing and exploiting known vulnerabilities, before deploying a double-extortion model, encrypting systems and exfiltrating data. Victims are provided with a unique code and instructed to contact the ransomware group via a .onion URL, accessible through the Tor browser, to receive ransom demands and payment instructions.
The joint advisory emphasizes the attractiveness of healthcare organizations as targets for cybercrime actors due to their size, technological dependence, access to personal health information, and the potential for patient care disruptions. To mitigate the risk of Black Basta and other ransomware attacks, the authoring organizations urge HPH Sector and all critical infrastructure organizations to implement the recommendations outlined in the advisory, which align with the Cross-Sector Cybersecurity Performance Goals (CPGs) developed by CISA and the National Institute of Standards and Technology (NIST).
Key mitigations include installing updates for operating systems, software, and firmware as soon as they are released, prioritizing the update of Known Exploited Vulnerabilities (KEV), requiring phishing-resistant multi-factor authentication (MFA) for as many services as possible, and implementing recommendations from joint phishing guidance to stop attacks at the initial phase.
The advisory also provides a comprehensive list of indicators of compromise (IOCs), including malicious files, network indicators, and known Black Basta Cobalt Strike domains, to help organizations detect and respond to potential Black Basta infections.
FBI, CISA, HHS, and MS-ISAC encourage organizations to promptly report ransomware incidents to the appropriate authorities, regardless of whether they have decided to pay the ransom. The authoring organizations emphasize that paying the ransom does not guarantee the recovery of files and may encourage further criminal activity.
As the threat of ransomware continues to evolve, the joint advisory serves as a crucial resource for organizations seeking to enhance their cybersecurity posture and protect against the devastating impact of Black Basta and other ransomware variants. By implementing the recommended mitigations and staying vigilant, organizations can significantly reduce their risk of falling victim to these increasingly sophisticated attacks.


This content was created in partnership and with the help of Artificial Intelligence (AI).

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
In a coordinated effort to combat the growing threat of ransomware, the Federal Bureau
of Investigation FBI, Cybersecurity and Infrastructure Security Agency CISA, Department of Health and
Human Services HHS, and Multi-State Information Sharing and Analysis Center MS-ISAC have
released a joint Cybersecurity Advisory CSA detailing the tactics, techniques and procedures TTPs of

(00:26):
the Black Basta ransomware variant. The advisory, published on May tenth, twenty
twenty four, is part of the ongoing #StopRansomware campaign, which aims
to provide critical information to network defenders to help protect against ransomware attacks. Black Basta,
a ransomware as a service RaaS variant, first identified in April twenty twenty

(00:47):
two, has been targeting organizations across at least twelve out of sixteen critical infrastructure
sectors, including the Healthcare and Public Health HPH Sector. According to the advisory,
Black Basta affiliates have impacted over five hundred organizations globally as of May twenty twenty
four. The threat actors employ common initial access techniques such as phishing and exploiting

(01:08):
known vulnerabilities before deploying a double extortion model encrypting systems and exfiltrating data. Victims
are provided with a unique code and instructed to contact the ransomware group via a
.onion URL accessible through the Tor browser to receive ransom demands and payment instructions.
The joint advisory emphasizes the attractiveness of healthcare organizations as targets for cybercrime actors due

(01:34):
to their size, technological dependence, access to personal health information, and the
potential for patient care disruptions. To mitigate the risk of Black Basta and other
ransomware attacks, the authoring organizations urge HPH Sector and all critical infrastructure organizations to
implement the recommendations outlined in the advisory, which align with the Cross-Sector Cybersecurity

(01:56):
Performance Goals CPGs developed by CISA and the National Institute of Standards and Technology NIST.
Key mitigations include installing updates for operating systems, software and firmware as soon
as they are released, prioritizing the update of Known Exploited Vulnerabilities KEV, requiring
phishing-resistant multi-factor authentication MFA for as many services as possible, and implementing

(02:22):
recommendations from joint phishing guidance to stop attacks at the initial phase. The advisory
also provides a comprehensive list of indicators of compromise IOCs, including malicious files,
network indicators, and known Black Basta Cobalt Strike domains to help organizations detect and
respond to potential Black Basta infections. FBI, CISA, HHS, and MS-ISAC encourage

(02:46):
organizations to promptly report ransomware incidents to the appropriate authorities, regardless of whether they
have decided to pay the ransom. The authoring organizations emphasize that paying the ransom
does not guarantee the recovery of files and may encourage further criminal activity. As
the threat of ransomware continues to evolve, the joint advisory serves as a crucial

(03:07):
resource for organizations seeking to enhance their cybersecurity posture and protect against the devastating impact
of Black Basta and other ransomware variants. By implementing the recommended mitigations and staying
vigilant, organizations can significantly reduce their risk of falling victim to these increasingly sophisticated attacks.