Awareness and vigilance are among the first steps toward a strong cyber posture and overall cyber defense for your network because of how quickly things can change in the cyber threat environment. We are seeing that as ransomware groups, strains, tactics and tools continue to evolve and diversify.
CISA issued an advisory on Black Basta, an APT group our cyber experts discussed in our webinar last week, Advanced Persistent Threats: Fear the Disruption. The advisory covers its ransomware variant, which has targeted 12 of the 16 critical infrastructure sectors, mainly healthcare.
Who is Black Basta?
Black Basta has been observed using Qakbot (Qbot) as a preliminary infection route into networks. The group extorted $150 million in ransomware payments in 2023 until the US DOJ disrupted Qakbot operations.
The cyber crime group adapted, with ransom payment transfers growing again since the takedown of Qakbot.
The more ransomware groups and malware strains are disrupted, the more these groups and strains continue to diversify and come back, which is why vigilance, awareness, training and monitoring all continue to be critical to protecting networks.
With groups like Black Basta targeting critical infrastructure, it’s important to be aware of what techniques they’re using and how you can take proactive measures.
CISA’s advisory notes that Black Basta uses phishing as well as well-known vulnerabilities, and then employs a double-extortion model in which it encrypts systems and exfiltrates data.
How to Defend Your Network Against Black Basta and Other Ransomware Organizations
- Use the 3-2-1 backup method to protect data
  - 3 backups, 2 types of media, 1 offsite copy
- Make regular cyber training part of your organization’s policy to detect phishing attempts
- Conduct vulnerability scans yearly or quarterly, depending on your type of organization, to know if your network has any exposure to known vulnerabilities