Impacting 500+ organizations and counting
A new alert from CISA, the FBI, the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals that Black Basta affiliates have attacked 12 of the 16 critical infrastructure sectors, including healthcare organizations.
Common Vulnerabilities and Exposures
Background
Black Basta is a type of ransomware-as-a-service (RaaS) that was first discovered in April 2022. Since then, its affiliates have targeted numerous businesses and critical infrastructure in North America, Europe, and Australia. By May 2024, Black Basta had impacted over 500 organizations worldwide. In the RaaS model, the developers offer their affiliates a service such as ransomware, infrastructure for payment processing and ransom negotiation, and technical support.
Black Basta has been observed using techniques such as phishing and exploitation of public-facing applications to gain initial access. Previously, it was seen exploiting the PrintNightmare (CVE-2021-34527), ZeroLogon (CVE-2020-1472) and Follina (CVE-2022-30190) vulnerabilities for privilege escalation.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
- February 28, 2024: FortiGuard Labs released an outbreak alert on the ConnectWise vulnerability CVE-2024-1709, which has been exploited by Black Basta recently.
  https://www.fortiguard.com/outbreak-alert/connectwise-screenconnect-attack
- June 01, 2023: Fortinet released a detailed blog on Black Basta ransomware and how the Antivirus Service and FortiEDR detect and block the ransomware.
  https://www.fortinet.com/blog/threat-research/ransomware-roundup-black-basta
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
- Lure
- Decoy VM
- AV
- Inline Sandbox
- Vulnerability
- AV (Pre-filter)
- Behavior Detection
- IPS
- Web App Security
- Pre-execution
- Anti-ransomware
- IOC
- Outbreak Detection
- Threat Hunting
- Playbook
- Automated Response
- Assisted Response Services
- NOC/SOC Training
- End-User Training
- Attack Surface Monitoring (Inside & Outside)
- Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
References
Sources of information in support and relation to this Outbreak and vendor.