The agencies emphasized to healthcare organizations the heightened risks that this ransomware operation poses, and they asked them to make sure that these suggested mitigations are implemented to thwart any future attacks. Because of their size, reliance on technology, access to personal health information, and the particular effects of patient care disruptions, healthcare companies are appealing targets for cybercrime actors.

To reduce the likelihood of a Black Basta ransomware attack, defenders should keep operating systems, software, and firmware up to date, mandate phishing-resistant Multi-Factor Authentication (MFA) for as many services as they can, and teach users how to spot and report phishing attempts. They should also use mitigations mentioned in the StopRansomware Guide, apply CISA-recommended mitigations, and often back up important systems and device configurations to facilitate quicker repairs and restorations to protect remote access software.

Impact

• Financial Loss
• Operational Disruption
• Sensitive Information Theft

Indicators of Compromise

• 46.161.27.151
• 185.219.221.136

MD5

• ce99e91e6c2a6defe1a86462870ba321
• 2d5cefe02cef5d14da7d609f0ccad1bc
• d513a09a10122ba8cd6df651aae35fb0
• f309d2c8a5c82367f0fd2be457055813
• f74cec233a9609461e7518dd4c90207b
• 24544104aaa9931b8cc0c68622864488
• 640132bbf92eb7c794a5c593fbb362de
• 497ef4779c6770e4497adf0bc71655f1
• 8bae9edbf5b1035cd52ca45b23fee29d

Remediation

• Block all threat indicators at your respective controls.
• Search for indicators of compromise (IOCs) in your environment utilizing your respective security controls.
• Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
• Maintain Offline Backups - In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
• Conduct regular backups of your important data and ensure that these backups are stored offline or in a separate network. This will help protect your data from being compromised by ransomware attacks.
• Deploy advanced threat detection and monitoring solutions to identify potential ransomware activity in real time. Monitor network traffic, system logs, and behavior anomalies to detect and respond to ransomware incidents promptly.
• Never trust or open links and attachments received from unknown sources/senders.
• Enable antivirus and anti-malware software and update signature definitions promptly. Using multi-layered protection is necessary to secure vulnerable assets.
• If a device on the network has been infected with ransomware, immediately disconnect it from the network to prevent the malware from spreading to other devices. This will help contain the attack and limit further damage.
• Disconnect external storage devices if connected.
• Implement the principle of least privilege by granting employees the minimum access rights required to perform their tasks. Regularly review and update user access privileges to prevent unauthorized access and limit the impact of ransomware.