Ransomware Group Black Basta Hits Critical Health Infrastructure
Ransomware is in the news again, with attacks that have targeted over 500 organizations over two years. One such incident threatens countless lives. In the United States, Ascension, a healthcare system on which over 140 hospitals depend, was struck in an attack. The attack crippled vital automated processes ranging from test procedures and medications to health record maintenance. Manual processes came into effect to meet these needs until the system came back online.
The group responsible is a Russian-speaking hacker organization known as Black Basta. It has targeted various important infrastructure sectors with ransomware attacks. Since 2022 it has operated a “Ransomware as a Service” model, under which affiliates or clients may use Black Basta’s own infrastructure to perform a ransomware attack. In the past month, according to an FBI advisory, at least two healthcare organizations in the US and Europe have been struck.
Healthcare infrastructure such as the Ascension system is a resource upon which millions throughout the world depend. Ransomware attacks such as these threaten to cripple complex systems entirely if the victims don’t give in to a ransom demand. When so many lives are on the line, it makes sense that hospitals would be likely to give in to the attackers’ demands. That is exactly what these attackers count on.
What is Ransomware?
Ransomware is a type of cyber attack that targets individuals or organizations. The attacker aims to gain access to a large amount of important data through various means. Once that data is compromised, the attacker’s malware encrypts it or otherwise renders it inaccessible to its owners. Soon after, the attacker sends a message to the victim, informing them of the attack and promising to return access to their data if they give in to the attacker’s demands. Usually, a large sum of money is on the line. The attacker may also threaten to delete the data if these demands are not met.
How did Black Basta Operate?
Analysts have reported that the group used social engineering to achieve its ends. The targeted users received a large volume of spam emails, typically from legitimate online newsletters. This torrent would be so large and come so fast that it would overwhelm existing email protections. The attackers would then pose as members of the organization’s IT team and promise to help fix the problem, tricking the victim into giving them access to the system via a remote access application.
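The sequence described above (a flood of newsletter mail to one mailbox, then a remote access session for the same user) can be turned into a simple detection rule. The sketch below is an added example, not code from the FBI advisory or any vendor; the log field layout, the thresholds, and the tool name "remote-support-tool" are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed sliding window
MIN_MSGS = 50                    # assumed threshold: messages per window
MIN_DOMAINS = 25                 # assumed threshold: distinct sender domains
FOLLOW_UP = timedelta(hours=4)   # assumed period in which the fake "IT help" follows

def find_mail_floods(mail_events):
    """mail_events: time-sorted (timestamp, recipient, sender). Returns {recipient: first alert time}."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, rcpt, sender in mail_events:
        q = recent[rcpt]
        q.append((ts, sender.rsplit("@", 1)[-1].lower()))
        while ts - q[0][0] > WINDOW:          # drop messages older than the window
            q.popleft()
        # Many messages from many unrelated domains is the newsletter-bombing pattern.
        if rcpt not in alerts and len(q) >= MIN_MSGS and len({d for _, d in q}) >= MIN_DOMAINS:
            alerts[rcpt] = ts
    return alerts

def correlate_remote_sessions(alerts, remote_events):
    """remote_events: (timestamp, user_mailbox, tool). Returns sessions started soon after a flood."""
    hits = []
    for ts, user, tool in remote_events:
        start = alerts.get(user)
        if start is not None and timedelta(0) <= ts - start <= FOLLOW_UP:
            hits.append((user, tool, ts - start))
    return hits

def build_sample():
    """Constructed sample data, not taken from any real incident."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    mail = [(t0 + timedelta(seconds=5 * i), "alice@example.org", f"news@list{i}.example")
            for i in range(60)]                                   # 60 newsletters in 5 minutes
    mail += [(t0 + timedelta(minutes=12 * i), "bob@example.org", "team@partner.example")
             for i in range(5)]                                   # ordinary traffic
    mail.sort(key=lambda e: e[0])
    remote = [(t0 + timedelta(minutes=40), "alice@example.org", "remote-support-tool"),
              (t0 + timedelta(minutes=45), "bob@example.org", "remote-support-tool")]
    return mail, remote

if __name__ == "__main__":
    mail, remote = build_sample()
    floods = find_mail_floods(mail)
    for user, tool, delay in correlate_remote_sessions(floods, remote):
        print(f"ALERT {user}: {tool} started {delay} after mail flood")
```

Only the flooded mailbox raises an alert; the same remote session for a user with ordinary mail volume is ignored, which keeps legitimate help desk sessions from being flagged.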
Lessons Learned
Organizations would do well to learn from this. Ransomware attacks grow more frequent and complex by the day. Novel threats and techniques can harm countless systems, even those belonging to smaller businesses. Social engineering attacks such as those by Black Basta target weak links in an organization’s hierarchy and should be taken particularly seriously in the near future.
Sources:
https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/ransomware
https://arstechnica.com/security/2024/05/black-basta-ransomware-group-is-imperiling-critical-infrastructure-groups-warn/