Feds Warn About Black Basta as Ascension Health Diverts Ambulances, Uses Pencils

As ransomware attacks go, Black Basta has been around for a long time – since 2022. According to CISA, it has targeted 500 organizations and is believed to be an offshoot of the Conti Gang.

CISA also says that Black Basta typically allows 10-12 days for negotiation before they post the victim’s data. We are around day 5 for Ascension Health.

Their ransom demands are well into 6 figures, so if you do fall victim, you are not going to get off cheap.

Upon payment, it is reported that victims are given a report on how they got in, along with the decryption key.

The attacks are often not high tech – using techniques like spear phishing. This means that they could likely be avoided if the victim organizations had spent a little money on training and filtering software. They do attack using vulnerabilities also. Recently, they were spotted using the ConnectWise vulnerability to gain initial access.

The Health-ISAC (Information Sharing and Analysis Center) said they also used vulnerabilities dating back to 2021 such as the Windows common log file system driver bug.

Finally, they sometimes just buy stolen credentials from initial access brokers. Since many healthcare organizations have not implemented ROBUST multi-factor authentication, that may be all they need to get in.

CISA issued an advisory on Friday and guess what three recommendations they have?

  • Install patches as soon as they are available
  • Require phishing-resistant MFA (AKA robust MFA)
  • Train users

Hmmm. Seems like the three things I suggested above before reading the advisory.

The advisory comes from the FBI, CISA, HHS and the MS-ISAC. Whether people listen or not is a crap shoot.

But here is the good news. If you just do the three items above you greatly reduce the odds of falling victim. Remember you don’t need to be bulletproof, just resistant enough that the hackers move on to the next target. Becoming bulletproof is extremely hard, but becoming bullet resistant is much easier.

While this might seem a bit mercenary, you can only control what you do, not the other folks.

If you want to improve your odds, contact us.

Credit: The Register and CISA
