The BlackBasta Ransomware gang has been wreaking havoc on a wide range of organizations, with nearly 500 entities falling victim to their attacks from April 2022 to May 2024, according to a report jointly released by the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).
Known for their ransomware-as-a-service approach, the group has specifically targeted critical infrastructure organizations in the United States, with around 16 such entities impacted. Their focus has primarily been on healthcare-related organizations in Australia, Europe, and North America, with high-profile victims including Rheinmetall of Germany, Hyundai’s European Division, Capita, ABB, the Toronto Public Library, the American Dental Association, Sobeys, Yellow Pages Canada, and many others.
In a separate report titled “State of the Ransomware 2024,” issued by Sophos, a startling 500% increase in the average ransom payments made by victims in 2023 has been revealed. These payments have ranged from a minimum of $2 million to as high as $400,000, indicating a worrying trend. Smaller criminal groups that deploy malware are now demanding at least $1 million, with 30% of demands in 2023 falling between $3 million to $5 million.
The question that arises is whether these ransomware gangs are reaping significant profits from their nefarious activities. While the numbers may suggest so, the actual success rate is relatively low, with only 2% to 4% of targeted organizations ultimately giving in to the demands. Many organizations are able to evade the attacks or choose not to comply with the extortion demands.
Sophos’ survey highlights another concerning trend – hackers are increasingly infecting backup copies and data continuity systems, leaving victims with limited options other than paying the ransom in cryptocurrency. Despite the implementation of proactive measures like threat monitoring solutions, no data storage system is completely impervious to ransomware attacks.
Furthermore, paying the ransom does not guarantee that victims will receive a decryption key, nor does it ensure that hackers won’t resort to selling or leaking the stolen data on the dark web, a tactic commonly known as double extortion. A recent incident involving Change Healthcare exemplifies this dilemma, as despite paying $22 million in cryptocurrency to the ALPHV or BlackCat ransomware group in March 2024, the company now faces a fresh threat from RansomHUB, demanding an additional $15 million to prevent the sale of the compromised data on the dark web.
The escalating sophistication and audacity of ransomware attacks underscore the urgent need for organizations to bolster their cybersecurity defenses and preparedness. With cybercriminals constantly evolving their tactics and targeting critical sectors, the stakes have never been higher for ensuring robust cybersecurity measures to safeguard sensitive data and protect against ransomware threats.