CISA, HHS warn healthcare of Black Basta ransomware attacks

By Jill McKeon May 14, 2024 – Healthcare organizations should harden their systems to protect against Black Basta ransomware, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and HHS warned in a joint cybersecurity advisory (CSA).   As previously reported, Black Basta emerged in 2022 and has remained a threat to healthcare and other critical infrastructure sectors since. The ransomware as a service variant has been leveraged against 12 of the 16 designated critical infrastructure sectors across North America, Europe and Australia, enabling threat actors to encrypt and steal data.  Black Basta threat actors use tried-and-true techniques such as spear phishing and exploiting known vulnerabilities to gain initial access. These actors have been observed exploiting a ConnectWise ScreenConnect vulnerability involving authentication bypass (CVE-2024-1709). Additionally, the affiliates use credential scraping tools such as Mimikatz to further their attacks. Dig Deeper Following access, they typically use a double-extortion model to encrypt systems and steal data. The CSA warned that Black Basta affiliates have used PowerShell to disable antivirus products and have deployed a tool known as Backstab to disable endpoint detection and response technology. “Healthcare organizations are attractive targets for cybercrime actors due to their size, technological dependence, access to personal health information,...