StopRansomware: Black Basta
Essential information
- Published
- 13/05/2024 09:31
- Modified
- 13/05/2024 10:00
- Tags
- 2024-05-08 2024-05-09 2024-05-10 2024-05-13 CVE-2020-1472 CVE-2021-34527 CVE-2021-42278 CVE-2021-42287 CVE-2024-1709 encryption exfiltration healthcare phishing pinkslipbot qakbot qbot quackbot ransomware
- Related entities
- 5 vulnerabilities (cve), 174 observables, 1 intrusion sets (apt), 8 techniques (mitre), 4 malware, 2 others
Description
This advisory details tactics, techniques, procedures and indicators of compromise related to Black Basta ransomware, a variant first identified in April 2022. Its affiliates have impacted over 500 organizations globally across multiple critical infrastructure sectors, including Healthcare and Public Health. They gain initial access through phishing and exploiting vulnerabilities, employ double extortion tactics with data exfiltration and encryption, and leverage various tools for lateral movement and privilege escalation. The advisory provides mitigations and recommendations for organizations to protect against this threat.