Cybereason WARNS U.S. Companies About New Ransomware Threat from Black Basta Gang
Thursday, December 1, 2022
Cybereason assesses the latest Black Basta gang ransomware attacks against U.S. organizations to be HIGH.
BOSTON, Nov. 23, 2022 /PRNewswire-PRWeb/ -- Cybereason, the XDR company, today issued a global threat alert advisory warning U.S. companies about a potentially widespread ransomware campaign run by the Black Basta ransomware gang. Organizations should be on especially high alert for ransomware attacks during the upcoming holidays, as a recent Cybereason study shows that attacks are common over holidays because organizations are generally under-staffed and ill-prepared for them.
The Black Basta gang emerged in April 2022 and has victimized hundreds of companies in the United States, United Kingdom, Australia, New Zealand and Canada. Organizations in English-speaking countries appear to be targets. Cybereason assesses the threat level of ransomware attacks against global organizations today to be HIGH.
"You can't pay your way out of ransomware. Unless an organization is in a life-and-death situation, we don't advise paying the ransom because you are only fueling the burgeoning ransomware economy. With its operations under the eyes of former REvil and Conti ransomware gang members, Black Basta is being professionally run with well-trained and skilled threat actors. They continue using the double extortion scheme of first breaching an organization and exfiltrating sensitive data before dropping the ransomware payload and threatening to publish stolen data unless a ransom is paid," said Lior Div, Cybereason CEO and Co-founder.
Key Findings
-- Threat actor moves extremely fast: In the different cases of
compromise Cybereason identified, the threat actor obtained domain
administrator privileges in less than two hours and moved to
ransomware deployment in less than 12 hours.
-- Threat Level is HIGH: Cybereason's GSOC assesses the threat level as
HIGH given the potentially widespread campaign being run by Black
Basta.
-- Widespread QBot campaign targeting U.S.-based companies: Threat
actors leveraging the QBot loader cast a wide net targeting
mainly U.S.-based companies and acted quickly on any spear-phishing
victims they compromised. In the last two weeks, Cybereason observed
more than 10 different customers affected by this recent campaign.
-- Network lockout: Among the many Qakbot infections Cybereason
identified, two allowed the threat actor to deploy ransomware and
then lock the victim out of its network by disabling the victim's
DNS service, which made the recovery even more complex.
-- Black Basta deployment: One particularly fast compromise Cybereason
observed led to the deployment of Black Basta ransomware. This
allowed Cybereason researchers to establish a link between threat
actors leveraging Qakbot and Black Basta operators.
Ransomware attacks can be stopped. Cybereason offers the following recommendations to organizations to reduce their risk:
-- Practice good security hygiene: For example, implement a security
awareness program for employees and ensure operating systems and
other software are regularly updated and patched.
-- Confirm key players can be reached at any time of day: Critical
response actions can be delayed when attacks occur over holidays and
weekends.
-- Conduct periodic table-top exercises and drills: Include key
stakeholders from other functions beyond security, such as Legal,
Human Resources, IT, and top executives, so everyone knows their
roles and responsibilities to ensure as smooth a response as
possible.
-- Implement clear isolation practices: This will stop any further
ingress on the network and prevent ransomware from spreading to
other devices. Security teams should be proficient at things like
disconnecting a host, locking down a compromised account, and
blocking a malicious domain.
-- Consider locking down critical accounts when possible: The path
attackers often take in propagating ransomware across a network is
to escalate privileges to the domain admin level and then deploy the
ransomware. Teams should create highly secured, emergency-only
accounts in Active Directory that are only used when other
operational accounts are temporarily disabled as a precaution or
inaccessible during a ransomware attack.
-- Deploy EDR on all endpoints: Endpoint detection and response (EDR)
remains the quickest way for public and private sector businesses to
address the ransomware scourge.
About Cybereason
Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason Defense Platform provides planetary-scale data ingestion, operation-centric MalOp(TM) detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.
Learn more: https://www.cybereason.com/
Media contact:
Bill Keeler
Senior Director, Global Public Relations
Cybereason
bill.keeler@cybereason.com
+1 (929) 259-3261
SOURCE Cybereason