Press Release

Cybereason CAUTIONS Global Organisations Against Black Basta Gang Destructive Ransomware Attacks

Cybereason, the XDR company, today issued a global threat alert advisory, warning global organisations about a rise in ransomware attacks from the Black Basta gang. The Black Basta gang emerged in April 2022 and has victimized nearly 50 companies in the United States, United Kingdom, Australia, New Zealand and Canada. Organisations in English speaking countries appear to be targets. Cybereason assesses the threat level of ransomware attacks against global organisations today being SEVERE.

“Since Black Basta is relatively new, not a lot is known about the group. Due to their rapid ascension and the precision of their attacks, Black Basta is likely operated by former members of the defunct Conti and REvil gangs, the two most profitable ransomware gangs in 2021,” said, Lior Div, Cybereason CEO and Co-founder.

Black Basta has been using the double extortion scheme on their victims and some of their ransom demands have exceeded $1 million. Double extortion works when attackers penetrate a victim’s network, steal sensitive information by moving laterally through organisations and threaten to publish the stolen data unless the ransom demand is paid.

Ransomware attacks can be stopped. Cybereason offers these recommendations to organisations to reduce their risks: 

  • Practicing good security hygiene like implementing a security awareness program for employees, assuring operating systems and other software are regularly updated and patched.
  • Assuring key players can be reached at any time of day as critical response actions can be delayed during the upcoming July 4th holiday and when attacks occur during off hours and on weekends and holidays.
  • Conducting periodic table-top exercises and drills and including those beyond the security team like Legal, Human Resources, IT Support and all the way up to the Executive Suite is also key to running a smooth incident response.
  • Ensuring clear isolation practices are in place to stop any further ingress on the network or spreading of the ransomware to other devices. Teams should be proficient at things like disconnecting a host, locking down a compromised account, and blocking a malicious domain, etc. Testing these procedures with scheduled or unscheduled drills at least every quarter is recommended. .
  • Evaluating lock-down of critical accounts when possible. The path attackers often take in propagating ransomware across a network is to escalate privileges to the admin domain-level and then deploy the ransomware. Teams should create highly secured, emergency-only accounts in the active directory that are only used when other operational accounts are temporarily disabled as a precaution or inaccessible during a ransomware attack.
  • Deploying EDR on all endpoints. The quickest remedy to the ransomware scourge for public and private sector businesses is deploying EDR on endpoints according to Gartner’s Peter Firstbrook. Yet Firstbrook says that only 40 percent of endpoints have EDR.

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *