Security news aggregator

Latest coverage for Black Basta

Black Basta is a ransomware operation; coverage examines reported incidents, technical analysis, disruption, and defensive guidance for organizations.

12 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Black Basta is a ransomware operation that encrypts victims’ data and threatens to publish stolen information to pressure payment. The group is known for combining data encryption with data theft, increasing the impact on targeted organizations. Their attacks often involve exploiting vulnerabilities or compromised remote access to deploy ransomware payloads designed to evade detection and maximize disruption.

Security teams should focus on controlling remote access with multi-factor authentication, applying timely patches to known vulnerabilities, and segmenting networks to limit ransomware spread. Monitoring for indicators of compromise related to Black Basta’s tactics, such as unusual file encryption activity or data exfiltration, can help detect and contain incidents early. Understanding this dual-threat approach is critical for prioritizing defenses and response efforts against this ransomware family.

Volume over time

Weekly headline count for the current query.

Showing 12 most recent headlines Filtered view
Bank Info Security 5 months, 4 weeks ago

Ransomware 'Most Wanted': Cops Seek Head of Black Basta

Crackdown Targets Multiple Members of Cybercrime Group, Including 'Hash Crackers'Police raided two suspected members of the notorious Black Basta ransomware group - tied to over 600 victims worldwide and many millions in ransom payments - in Ukraine and issued an international arrest warrant for the Russian national suspected of being the operation's founder and ringleader.

Defunct Ransomware Group's Diaspora Includes Hackers With Focus on Microsoft TeamsBased on intelligence gleaned from the leak of Black Basta ransomware messages, researchers are warning organizations to beware phishing attacks launched via Microsoft partner domains and via Teams, as well as the targeting of personal Google accounts accessed via corporate devices.

After Disrupting Ascension Health, Black Basta Forecast Reprisals From FBI, Moscow"We are pentesters, not murderers," ransomware group Black Basta claimed in its negotiations with victim Ascension Healthcare in May 2024, after its attack led to widespread disruptions and patient safety alerts. Leaked chat logs reveal the group feared resulting reprisals from the FBI and Moscow.

Also: U.S. Health Data Privacy Crackdowns, Reality vs. Hype of LLMs in SecurityIn this week's update, four editors with ISMG explore the crumbling state of ransomware group Black Basta and implications for other cybercrime gangs, the expanding impact of U.S. health data privacy laws, and whether large language models are truly what they seem.

Bank Info Security 1 year, 4 months ago

Black Basta Leaks Reveal Targeting, Planning, Escalation

Group Cross-Referenced Open-Source Victim Intelligence With Infostealer HaulsThe leak of 200,000 internal chat messages for the Black Basta operation provides an overview of how a modern ransomware group organizes itself to take down victims in the most efficient, profit-maximizing manner possible, using a variety of tactics that should be, in theory, easy to repel.

Bank Info Security 1 year, 4 months ago

Leaked Black Basta Chat Logs Show Banality of Ransomware

'He Is an Idiot,' Dissatisfied Hacker Writes of BossTwo hundred thousand internal chat messages from the Russian ransomware group Black Basta have been leaked online, supposedly in reprisal for the operation targeting Russian banks. The partial logs, spanning 13 months, detail negotiations with victims, ransoms paid, internal disagreements and more.

Both Ransomware Operations Remain Active and Pose a Threat, Experts WarnRansomware business moves: Attacks tied to BlackLock have been surging, likely bolstered by the group's custom-built malware, while the long-running Black Basta operation remains a threat, even as it looks set to disband due to core members facing "fatigue," report cybercrime experts.

Bank Info Security 1 year, 7 months ago

Black Basta Ransomware Group Retools for Strategic Attacks

Social Engineering Moves Mirror Nation-State Groups' Tactics, Researchers SayThe Black Basta ransomware group has been refining its social engineering tactics to amass more victims despite escalating law enforcement disruptions, together with a shift to more "strategic, long-term planning" that security experts said suggests Russian state ties.

Also: Chinese Cyberespionage, Defiant Cleveland, and a Spanish Ransomware AttackThis week, ONNX targeted Microsoft 365, Symantec spotted Chinese espionage, AMD may have been breached, Cleveland vowed to defy hackers, Black Basta hit a Spanish firm, Pakistani hackers targeted India, Microsoft said it fixed flaws in Azure, and the U.S. and Indonesia held a cybersecurity exercise.

Also: Spanish Hacker Alcasec Arrested AgainThis week, Fluent Bit contains a flaw, Microsoft is nuking VBScript, Irish police and the SEC face fines, a man was sentenced for BEC, a flaw was found in Netflix's Genie, an Australia university said it was breached and Black Basta claimed an attack, and hacker Alcasec was arrested again.

Bank Info Security 2 years, 2 months ago

Feds, Groups Warn Health Sector of Black Basta Threats

Advisories Come As Black Basta Appears Responsible for Ascension Ransomware AttackU.S. federal authorities warn that the Russian-speaking ransomware group Black Basta is actively targeting American critical infrastructure amid reports that it's behind the ransomware attack on hospital chain Ascension. The hospital chain is still operating under downtime procedures.

Bank Info Security 2 years, 4 months ago

TA577 Now Focusing on NT LAN Manager Authentication Theft

Proofpoint Spots Recent Changes in Cyber Tactics for Black Basta-Affiliated GroupA cyber threat actor is shifting tactics from conventional malware delivery to a targeted focus on acquiring NT LAN Manager authentication information to potentially collect sensitive data and perform other malicious actions. The campaigns have targeted hundreds of organizations globally.