HomeRisk ManagementsFBI warns that Black Basta ransomware has impacted over 500 organizations worldwide

FBI warns that Black Basta ransomware has impacted over 500 organizations worldwide

Published on

spot_img

In the early stages of their operations, Black Basta affiliates utilized email spear phishing techniques to infiltrate organizations by deploying trojans or backdoors through malicious attachments or links, a common tactic employed by various cybercriminal groups. This method of spear phishing continues to be prevalent and is favored by many hackers for its effectiveness in spreading malware.

Additionally, these cybercriminals also resorted to purchasing access from access brokers or malware distribution platforms such as Qakbot, also known as Qbot, which has been utilized by both Black Basta and Conti in the past. However, a new approach emerged in February 2024 when Black Basta affiliates started exploiting a vulnerability in ConnectWise, identified as CVE-2024-1709. Furthermore, some affiliates were observed abusing valid credentials to gain unauthorized access.

Black Basta’s primary objective is to obtain administrative credentials within the targeted organizations. Once they have gained initial access, the affiliates utilize various system tools and programs to escalate privileges and navigate through the network to compromise a domain controller. This enables them to acquire administrative credentials, which are crucial for deploying ransomware across multiple computers on the network using established management tools and application deployment mechanisms on Windows networks.

The FBI identified several tools that Black Basta affiliates employed during their operations, including the SoftPerfect network scanner (netscan.exe) for conducting network scans. Moreover, reconnaissance tools with names such as Intel and Dell were discovered in the root of the C:\ folder, indicating the sophistication and extensive preparations made by these cybercriminals.

In recent years, ransomware attacks have become increasingly prevalent, targeting organizations of all sizes across various industries. These attacks can have devastating consequences, causing financial losses, reputational damage, and operational disruptions for the affected entities. As cybercriminals continue to evolve their tactics and techniques, it is essential for organizations to enhance their cybersecurity measures and stay vigilant against potential threats.

The collaboration between the FBI and its partners in releasing joint advisories serves as a critical step in raising awareness about emerging cyber threats and providing guidance on mitigating risks. By sharing information and insights on the tactics employed by threat actors like Black Basta, organizations can better protect themselves against ransomware attacks and other malicious activities.

It is imperative for organizations to implement robust cybersecurity protocols, including regular software updates, employee training on cybersecurity best practices, and effective incident response plans to mitigate the impact of potential ransomware attacks. By staying informed about the latest cybersecurity threats and adopting proactive security measures, organizations can enhance their resilience and protect their valuable data from cyber threats.

Source link

Latest articles

Employees Enter Sensitive Data Into GenAI Prompts Frequently

A recent study conducted by researchers at Harmonic has shed light on the potential...

US Imposes Sanctions on Chinese Hacker Involved in Treasury Breach

The recent breach of the Department of Treasury's network by a cyber actor based...

AWS Alerts Users to Various Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV

In a recent development, Amazon Web Services (AWS) has brought to light critical security...

Has the TikTok Ban Already Had Negative Effects on US Cybersecurity?

The recent decision by the US Supreme Court to uphold the ban on TikTok...

More like this

Employees Enter Sensitive Data Into GenAI Prompts Frequently

A recent study conducted by researchers at Harmonic has shed light on the potential...

US Imposes Sanctions on Chinese Hacker Involved in Treasury Breach

The recent breach of the Department of Treasury's network by a cyber actor based...

AWS Alerts Users to Various Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV

In a recent development, Amazon Web Services (AWS) has brought to light critical security...