Black Basta Ransomware Attacks Linked to FIN7 Threat Actor
The hacker behind a tool used by Black Basta had access to the source code used by FIN7
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
The hacker behind a tool used by Black Basta had access to the source code used by FIN7
The ransomware gang made the announcement on its leak site
Several artifacts from recent attacks strongly suggest a connection between the two operations, researchers say.
The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental. [...]
A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group
Commitments include international wallet info sharing, KYC requirements, and an AML crackdown The White House's second International Counter Ransomware Initiative summit has concluded, and this year the 36-nation group has made clear it intends to crack down on how cryptocurrencies are used to finance ransomware operations.…
Security researchers at Sentinel Labs have uncovered evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7, also known as "Carbanak." [...]
Up 188% on 2020 but could be because financial institutions were encouraged to report incidents Banks in the US paid out nearly $1.2 billion in 2021 as a result of ransomware attacks, a marked rise over the year before though it may simply be due to more financial institutions being asked to report incidents.…
While the ransomware-for-hire group works to create ever more efficient exploits, companies can protect themselves with structured vulnerability management processes. Prioritize threats based on severity and risk.
Emergency operations are continuing, but the hospital system failed and cannot be accessed
The figures come from the 2022 Interim Cyber Threat Report by Deep Instinct
Broken code signature? LGTM, says Microsoft OS A cybersecurity firm has issued another unofficial patch to squash a bug in Windows that Microsoft has yet to fix, with this hole being actively exploited to spread ransomware.…
Dozens of international delegations meet for the second year to share intel, with a goal of stopping ransomware attacks on critical infrastructure.
As cyber threats ramp up, businesses and organizations will be hoping for more than platitudes The White House has begun its second annual International Counter Ransomware Summit in which Biden administration officials will convene with representatives of three dozen nations, the EU, and private business to discuss the growing threat posed by data-destroying cyber attacks.…
Accelerates the safe recovery from ransomware attacks.
The firm is one of the defense department's external providers employed to run one of its websites
An unofficial patch has been made available for an actively exploited security flaw in Microsoft Windows that makes it possible for files signed with malformed signatures to sneak past Mark-of-the-Web (MotW) protections
A new and destructive 'Azov Ransomware' data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack. [...]