FBI/CISA Warning: ‘Black Basta’ Ransomware Gang vs. Ascension Health | #ransomware | #cybercrime

Russian ransomware rascals riled a healthcare organization, forcing them to turn away ambulances.

Ascension Health Alliance, a nonprofit Roman Catholic health ministry, was breached by ransomware scum last week. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning similar organizations to be on their guard.

Ascension had to turn ambulances away and rely on paper. In today’s SB Blogwatch, we pray for the patients.
Your humble blog­watcher curated these bloggy bits for your enter­tain­ment. Not to mention: Important Things.


What’s the craic? Paul Reuter’s Pratik Jain reminds us how this started: Ascension warns of suspected cyberattack; clinical operations disrupted

Initiated processes
Hospital operator Ascension reported disruptions to its clinical operations on Wednesday due to a suspected cybersecurity incident and advised business partners to temporarily disconnect from its systems … ”out of an abundance of caution.” … It said it continues to investigate the situation after detecting unusual activity.

It had initiated processes to ensure patient care delivery continues to be safe and minimally impacted, the nonprofit said. … Founded as a Catholic nonprofit in 1999, the network includes about 134,000 associates, 35,000 affiliated providers and 140 hospitals.

Who dunnit? Bleeping’s Sergiu Gatlan drops the other shoe: CISA: Black Basta ransomware breached over 500 orgs

Embarrassing data breaches
CISA and the FBI said … Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. … The gang also encrypted and stole data from at least 12 out of 16 critical infrastructure sectors.

Black Basta was linked this week to a suspected ransomware attack that hit the systems of healthcare giant Ascension, forcing the U.S. healthcare network to redirect ambulances. … This Russian-linked [gang] emerged as a Ransomware-as-a-Service (RaaS) operation in April 2022. Its affiliates have since breached many high-profile victims. … After the Conti cybercrime syndicate shut down in June 2022 following a series of embarrassing data breaches, it split into multiple groups, one of these factions believed to be Black Basta.

How is CISA explaining it? Here’s CISA alert AA24-131A: #StopRansomware: Black Basta

Attractive targets
Black Basta affiliates use common initial access techniques—such as phishing and exploiting known vulnerabilities—and then employ a double-extortion model, both encrypting systems and exfiltrating data. … Typically, the ransom notes give victims between 10 and 12 days to pay the ransom before the ransomware group publishes their data.

Healthcare organizations are attractive targets … due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions. [We] urge HPH Sector and all critical infrastructure organizations to apply the recommendations in the Mitigations section of this CSA. … Victims of ransomware should report the incident to their local FBI field office or CISA.

What’s up with that name? _merlin explains:

“Basta!” means, “Stop!” or, “That’s enough!” in Italian, and has made it into Russian as a loanword. [It’s not] connected … with “bastard.”

What can be done? labrador is always hungry:

Since there are state actors attemting to sow public disorder in the U.S., it seems increasingly like a bad idea to have hosptital networks and the like on public networks accessible from around the globe.

Is it because the Russians hate Roman Catholics? DoctorNine scrawls this Rx:

“Because that’s where the money is:” The classic Willie Sutton observation, of why specific institutions are targeted by thieves, provides sufficient rationale. … I doubt the miscreants responsible are demonic agents of Hell specifically targeting Catholics.

Maybe a more equitable US social network, that includes universal health care as a basic human right, would make healthcare a less lucrative hacking target. Crazy, right?

How are they coping? u/fnatha1 has bad news:

Working 14 hours in the ER at an Ascension hospital in Maryland. … Let me tell you that everything is being done on paper and is the biggest cluster **** there is.

Patients are in the hospital … and no one can access their info, so you have to start at square one. … Definitely will affect patient outcomes.

How could that be avoided? Here’s Orange Blossom:

It is events like this that make me think that a paper system is still needed even if just as a backup.

Meanwhile, horns4lyfe alleges an allegation:

Maybe we could stop outsourcing all our IT infrastructure? Naw, the CEO needs a new boat.

And Finally:

Demetri Martin

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], or [email protected]. Ask your doctor before reading. Your mileage may vary. Past per­formance is no guar­antee of future results. Do not stare into laser with re­maining eye. E&OE. 30.

Image source: Kai Pilger (via Unsplash; leveled and cropped)

Recent Articles By Author

Source link


National Cyber Security