Black Basta Ransomware Attack Brought Down Ascension IT Systems, Report Finds (crn.com) 17
The Russia-linked ransomware group Black Basta is responsible for Wednesday's cyberattack on St. Louis-based Ascension health system, according to sources reported by CNN. The attack disrupted access to electronic health records, some phone systems and "various systems utilized to order certain tests, procedures and medications," the company said in a statement. From a report: On Friday, the nonprofit group Health-ISAC (Information Sharing and Analysis Center) issued an alert about the group, saying that Black Basta has "recently accelerated attacks against the healthcare sector." HHS said that Black Basta was initially spotted in early 2022, known for its double extortion attack. The group not only executes ransomware but also exfiltrates sensitive data, operating a cybercrime marketplace to publicly release it should a victim fail to pay a ransom.
"The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups," the alert from HHS said. According to one report from blockchain analytics firm Elliptic and cybersecurity risk-focused Corvus Insurance, Black Basta in less than two years has won itself more than $100 million via ransomware schemes from 329 organizations. Previous victims of its attacks include Dish Network, the American Dental Association, business process services firm Capita and tech firm ABB.
"The level of sophistication by its proficient ransomware operators, and reluctance to recruit or advertise on Dark Web forums, supports why many suspect the nascent Black Basta may even be a rebrand of the Russian-speaking RaaS threat group Conti, or also linked to other Russian-speaking cyber threat groups," the alert from HHS said. According to one report from blockchain analytics firm Elliptic and cybersecurity risk-focused Corvus Insurance, Black Basta in less than two years has won itself more than $100 million via ransomware schemes from 329 organizations. Previous victims of its attacks include Dish Network, the American Dental Association, business process services firm Capita and tech firm ABB.
Black Basta(rd)? Seems A Little Racist. (Score:2)
Racist ransomware coming for your pigmented ass :)
Re: (Score:1)
I'm guessing that this kind of criminal isn't much in to social niceties.
Re: (Score:3)
What a shame. They could have called thenselves Back Blasta instead.
Re: (Score:2)
Or even themselves.
"Basta" is Italian for "Stop!" (Score:2)
Re: (Score:2)
Speak English or die!
Re: (Score:2)
Breaking News: Russian Man Arrested After Daring Bank Robbery
Only thing worse than being funny is not being funny.
Oh my God (Score:2)
Dumb Health Care Providers Did It, Not Black Basta (Score:3)
For many years I hear anger, surprise and desperation about more and more such attacks, and the general consensus appears to be "they are soooo sophisticated, there is simply nothing we can do". All the while these companies almost pathologically cling to their Microsoft Monoculture, the one single common denominator among all these attacks. CNN's article doesn't even mention the affected systems any more, because it is so obvious to everyone. Yes, it is an attack geared against Microsoft's systems [cisa.gov].
Since there appear to exist "absolutely zero alternatives to MS Outlook, Sharepoint and Active Directory", we'll probably have to live through some more decades of this. So please all lean back, put on a calm smile, and enjoy the endless stream of management's explanations "experts from Mandiant are now on the premises investigating blah blah blah"!
Re: Dumb Health Care Providers Did It, Not Black B (Score:2)
Also remember, TikTok selling your information baaaad! Government using data brokers to spy on American citizens good! Unrestricted data mining with zero privacy laws also very good!
Fuck I wish Americans weren't so goddamn stupid. They could piss on us and the only thing you'd hear about is how lovely the warm rain feels.
Re: (Score:2)
All the while these companies almost pathologically cling to their Microsoft Monoculture, the one single common denominator among all these attacks.
Wrong. The one common denominator always has been, and remains, the mouth-breathing user. OS and security tools cannot fix broken minds. Changing the OS will secure zero improvement.
Making the OS responsible for moronic behaviour would be.... moronic. Security tooling is, at best, a seatbelt. You really don't want to have to rely on it because it could never be 100% effective.
But do keep on spreading the FUD around. It must make you feel... informed or something - I suppose....
Re: (Score:2)
always has been, and remains, the mouth-breathing user. OS and security tools cannot fix broken minds. Changing the OS will secure zero improvement.
100% of one linux distro (pick any distro, it won't change a thing) ecosystem would run into the exact same issues as these ubiquitous 100% Microsoft ecosystems, because the exploiters know and can plan months in advance, how to hide tracks, increase access and move laterally through the whole server space of an outfit once they managed to sneak in. What really hinders exploiters from roaming through the system is a diversity of platforms running the show.
I have seen this live in action, when exploiters roo
Medical records should NEVER have been... (Score:2)
made electronic. Yeah, this is Slashdot and we're all techie an such and we all feel a knee-jerk attachment to the idea that everything is better when digitized, but NOPE... in the REAL WORLD you have vast armies of idiots with MBA degrees and such who simply cannot be trusted with computers and other peoples' private info. Medical system after medical system after medical system has been cyber attacked and had all their patients' personal data held ransom. These morons are simply incapable of resisting the
Seems obvious Russia is full on cyberattacking USA (Score:2)