CISA: Black Basta ransomware breached over 500 orgs worldwide


​CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.

In a joint report published in collaboration with the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), the two federal agencies added that the gang also encrypted and stole data from at least 12 out of 16 critical infrastructure sectors.

“Black Basta affiliates have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia,” CISA said.

Black Basta emerged as a Ransomware-as-a-Service (RaaS) operation in April 2022. Its affiliates have since breached many high-profile victims, including German defense contractor RheinmetallHyundai’s European division, U.K. technology outsourcing company Capita, industrial automation company and government contractor ABB, the Toronto Public Library, the American Dental AssociationSobeysKnauf, and Yellow Pages Canada.

Read more…