This week was pretty quiet on the ransomware front, with most of the attention on the
seizure of the BreachForums data theft forum.
However, that does not mean there was nothing of interest released this week about ransomware.
A report by CISA said that the Black Basta ransomware oepration has
breached over 500 organizations worlwide since the group
launched in April 2022.
After the Conti
suffered a massive data breach, the ransomware operation shut down and its
members splintered into different groups or launched their own ransomware operations.
One of those operations is Black Basta, which is believed to be composed of prior Conti members who operate it as a private group rather than as public ransomware-as-a-service.
It is widely believed that CISA released this report after news of
massive disruption at Ascension Healthcare was caused by a Black Basta ransomware attack.
In other news, the relatively new Inc Ransomware was attempting to
sell its source code for $300,000. However, it is unclear whether the group was selling older, unused code or shutting down the operation.
Ransomware phishing attacks also took front stage this week, with the
Phorpiex botnet sending millions of emails that led to LockBit Black ransomware attacks, with the encryptor believed to have been created using
LockBit's leaked source code.
BlackBasta was also found
mailbombing employees in targeted organizations by subscribing their email addresses to various subscription services. They then contacted the target as IT support from their company to conduct a social engineering attack that let them gain access to the victim's computer.
Finally, Australian electronic prescription provider MediSecure shut down its IT systems and phones after
suffering a 'large-scale' ransomware data breach.
