HomeRisk ManagementsFBI warns that Black Basta ransomware has impacted over 500 organizations worldwide

FBI warns that Black Basta ransomware has impacted over 500 organizations worldwide

Published on

spot_img

In the early stages of their operations, Black Basta affiliates utilized email spear phishing techniques to infiltrate organizations by deploying trojans or backdoors through malicious attachments or links, a common tactic employed by various cybercriminal groups. This method of spear phishing continues to be prevalent and is favored by many hackers for its effectiveness in spreading malware.

Additionally, these cybercriminals also resorted to purchasing access from access brokers or malware distribution platforms such as Qakbot, also known as Qbot, which has been utilized by both Black Basta and Conti in the past. However, a new approach emerged in February 2024 when Black Basta affiliates started exploiting a vulnerability in ConnectWise, identified as CVE-2024-1709. Furthermore, some affiliates were observed abusing valid credentials to gain unauthorized access.

Black Basta’s primary objective is to obtain administrative credentials within the targeted organizations. Once they have gained initial access, the affiliates utilize various system tools and programs to escalate privileges and navigate through the network to compromise a domain controller. This enables them to acquire administrative credentials, which are crucial for deploying ransomware across multiple computers on the network using established management tools and application deployment mechanisms on Windows networks.

The FBI identified several tools that Black Basta affiliates employed during their operations, including the SoftPerfect network scanner (netscan.exe) for conducting network scans. Moreover, reconnaissance tools with names such as Intel and Dell were discovered in the root of the C:\ folder, indicating the sophistication and extensive preparations made by these cybercriminals.

In recent years, ransomware attacks have become increasingly prevalent, targeting organizations of all sizes across various industries. These attacks can have devastating consequences, causing financial losses, reputational damage, and operational disruptions for the affected entities. As cybercriminals continue to evolve their tactics and techniques, it is essential for organizations to enhance their cybersecurity measures and stay vigilant against potential threats.

The collaboration between the FBI and its partners in releasing joint advisories serves as a critical step in raising awareness about emerging cyber threats and providing guidance on mitigating risks. By sharing information and insights on the tactics employed by threat actors like Black Basta, organizations can better protect themselves against ransomware attacks and other malicious activities.

It is imperative for organizations to implement robust cybersecurity protocols, including regular software updates, employee training on cybersecurity best practices, and effective incident response plans to mitigate the impact of potential ransomware attacks. By staying informed about the latest cybersecurity threats and adopting proactive security measures, organizations can enhance their resilience and protect their valuable data from cyber threats.

Source link

Latest articles

White House Quantum Summit Unites Industry on Transition and Innovation

The recent quantum computing summit held at the White House marks a significant step...

Huntress Signs Giacom to Expand UK MSP Access to Managed Detection and Response

Huntress Expands Its Footprint Through Partnership with Giacom Huntress, a recognized leader in cybersecurity, has...

New Malicious Campaign Distributes Vidar Stealer and Monero Crypto Miner

In a concerning development within the realm of cyber threats, a new campaign has...

More like this

White House Quantum Summit Unites Industry on Transition and Innovation

The recent quantum computing summit held at the White House marks a significant step...

Huntress Signs Giacom to Expand UK MSP Access to Managed Detection and Response

Huntress Expands Its Footprint Through Partnership with Giacom Huntress, a recognized leader in cybersecurity, has...

New Malicious Campaign Distributes Vidar Stealer and Monero Crypto Miner

In a concerning development within the realm of cyber threats, a new campaign has...