The Black Basta ransomware gang and their eponymous RaaS have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, according to a recent CISA update, including the Healthcare and Public Health (HPH) Sector and more than 100 other confirmed enterprise victims.

Augur predicted 3 of the IPs currently in use in Black Basta attacks and protected subscribers by proactively blocking those IPs.

  • 46.8.16.77
    • Part of CIDR 46.8.16.0/23 (40% of IPs associated with this CIDR have been confirmed malicious)
    • Predicted malicious Q2 2017

What is Black Basta?

Black Basta is a ransomware operator and Ransomware-as-a-Service (RaaS) group that emerged in early 2022, quickly becoming one of the most active RaaS entities by targeting over 100 organizations, particularly in the US, Japan, and other developed nations. The group is known for its double extortion tactics, in which it encrypts critical data and threatens to publish it unless a ransom is paid. Black Basta is believed to have ties to the defunct Conti group and the FIN7 threat actor, evidenced by similarities in their malware development and evasion techniques. For more details, you can read a whole article about Black Basta here.

Why Does this Matter?

Because Black Basta is a RaaS (ransomware as a service) offering, we will likely see a continued uptick in associated cases. Protecting against Black Basta ransomware is crucial because it can target a wide range of critical infrastructure sectors, including healthcare, where disruptions can have life-threatening consequences. Black Basta uses advanced techniques like double extortion, encrypting systems while exfiltrating data. This ransomware has affected over 500 organizations globally, making it a significant threat. Effective defenses include robust phishing prevention, patch management, and advanced threat detection tools.


Your Early Warning System
Augur is your best early warning system and your insurance policy against novel threats.

Our smart behavioral prediction models identify and group threat actors based on patterns of activity. The platform can then predict novel attacks up to 50 days out. At the time of prediction, these predictions are often ±90% unique compared to other leading threat data sources.

Augur has predicted and protected against major elements of numerous important vulnerabilities, including the SolarWinds, Log4Shell, Colonial Pipeline and ProxyNotShell hacks, months ahead of first reports.

Find Out More

Curious to see how Augur works and how Augur’s predictive intelligence can improve your Patient Zero protection and overall security posture? You can learn more about how Augur works and how it solves real-world security problems.
