In early May 2024, the Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the FBI, HHS, and other related organizations, issued a Cybersecurity Advisory describing the significant risk that the Black Basta ransomware presents to the healthcare community. This advisory memo can be found by visiting this link.
What is Black Basta?
Black Basta is a ransomware variant that has been targeting healthcare and other critical infrastructure organizations since late 2020. It is a type of malware that encrypts the files on a victim's computer or network and demands a ransom for the decryption key. Black Basta also steals sensitive data from the victims and threatens to publish it online if the ransom is not paid.
How does Black Basta infect systems?
Black Basta affiliates use common initial access techniques, such as phishing and exploiting known vulnerabilities. Phishing is a method of sending fraudulent emails that appear to come from legitimate sources, but contain malicious links or attachments that can install malware on the recipient's device. Exploiting known vulnerabilities is a method of taking advantage of security flaws in software or hardware that have not been patched or updated. Once Black Basta gains access to a system, it can spread to other devices on the network and encrypt the files on them.
What are the consequences of a Black Basta attack?
Black Basta can cause significant disruption and damage to the affected organizations. The encryption of files can render them inaccessible and unusable, affecting the delivery of essential services and operations. The exfiltration of data can expose the organizations to legal, regulatory, and reputational risks, as well as potential identity theft and fraud for the individuals whose information is compromised. The ransom demand can be very high, and there is no guarantee that the attackers will provide the decryption key or delete the stolen data after receiving the payment.
How can you protect your organization from Black Basta?
CISA has provided recommendations for prevention and response. Some of the key mitigations from CISA include:
• Backing up your data regularly and storing it offline or on a separate network.
• Updating your software and hardware with the latest security patches.
• Using strong passwords and multi-factor authentication for your accounts and systems.
• Training your staff to recognize and avoid phishing emails and malicious links or attachments.
• Implementing network segmentation and access control policies to limit the exposure of sensitive data and systems.
• Using antivirus software and firewalls to detect and block malicious traffic and activity.
• Reporting any ransomware incidents to your local FBI field office or CISA.
Black Basta is a serious threat to the healthcare sector and other critical infrastructure organizations. By following the CISA guidance and implementing best practices for cybersecurity, you can reduce the likelihood of compromise and minimize the impact of a potential attack.