Page 115 - Cyber Defense eMagazine July 2024
About Black Basta
Black Basta is delivered as a ransomware-as-a-service (RaaS) offering, making the barrier to entry for a
potential attacker very low. RaaS vendors generally provide their customers with full technical support
and make it a turn-key operation for criminal enterprises. Black Basta was first seen in the wild in April
2022 and has targeted over 500 private industry and critical infrastructure organizations, including
healthcare companies, in North America, Europe and Australia. In their first few months of operation,
they attacked 19 prominent enterprises and were responsible for more than 100 confirmed victims. The
group uses a double extortion tactic, encrypting the victim’s data and servers as well as holding their
sensitive data for ransom on the group’s public leak site. While most recent hacks and attempts have targeted healthcare
systems, such as Ascension Healthcare, Black Basta is also responsible for several other significant hacks,
such as the attacks on Dish Network, the American Dental Association, the Toronto Public Library system,
Capita, ABB and many more.
Today, Black Basta remains at large. The group’s structure has shifted, splitting off into smaller groups
that can be linked through their similar attack practices and vulnerabilities. That said, there are ways to
protect yourself and your organization from these threat actors.
Prevention and Protection
In response to the increasing cyber threats identified as coming from the Black Basta group by the Cybersecurity and
Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of
Health and Human Services (HHS), healthcare facilities are actively searching for stronger system
security. In their advisory, the agencies offered preventive options and response mitigation suggestions that every
organization should look into. These included:
• Backing up data regularly
• Storing data offline or off-network
• Continuously updating software and hardware as the latest security patches are released
• Using strong passwords and multi-factor authentication for all accounts and systems
• Requiring all employees to receive training on recognizing and avoiding phishing attempts
• Implementing network segmentation and access control policies to limit the exposure of sensitive
data and systems
• Using antivirus software and firewalls to detect and block malicious traffic and activity
• Reporting any ransomware incidents to your local FBI field office or CISA
While all organizations are advised to utilize antivirus software, use caution with suspicious emails,
educate staff about phishing and back up their data, organizations are now also advised to bulk up their
protection through more proactive approaches, such as the one provided by the IGEL Preventative Security
Model.
This model prioritizes proactive prevention over merely reactive measures, ensuring that healthcare
organizations are responsive and fortified ahead of sophisticated malware and ransomware attacks that
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.