Black Basta Strikes 500+ Organizations, Critical Infrastructure Hit Hard

According to a joint report by the FBI and CISA, affiliates of the Black Basta group attacked over 500 organizations from April 2022 to May 2024. The group also encrypted and stole data from at least 12 out of 16 critical infrastructure sectors.

Black Basta, which began operating under the Ransomware-as-a-Service (RaaS) model in April 2022, targeted numerous prominent entities, including the German defense company Rheinmetall, the Swiss robotics company ABB, and the British technology outsourcing firm Capita.

After the cybercriminal syndicate Conti ceased operations in May 2022, it fragmented into several groups, one of which is believed to be Black Basta. Research by Elliptic and Corvus Insurance indicates that the extortionists received at least $100 million in ransoms from over 90 victims (as of November 2023). The group is also noted to have attacked at least 20 victims within its first two weeks of operation.

The joint guidance on protection against attacks recommends updating operating systems, software, and firmware, using phishing-resistant multi-factor authentication, training users to recognize phishing attempts, and securing remote access applications.

Particular attention is given to threats against healthcare organizations. Due to their reliance on technology and access to personal medical information, they are of special interest to cybercriminals. Authorities strongly recommend implementing the proposed risk mitigation measures to defend against attacks.