3 Things to Know About the Cybergang that Attacked Ascension
Since first appearing two years ago, the ransomware group Black Basta has rapidly gained prominence as one of the biggest threats to healthcare organizations’ cybersecurity.
The cybergang is believed to be an offshoot of the notorious Russian cybercriminal group Conti. The group — which is responsible for the massive cyberattack suffered by Ascension last month — has impacted more than 500 organizations across the world, according to a May notice from the Cybersecurity and Infrastructure Security Agency (CISA).
Below are three key pieces of information to know about the cybercriminal group.
Victims usually get less than 2 weeks to pay the group’s ransom.
Black Basta, first identified in April 2022, has attacked a wide range of organizations across North America, Europe and Australia, according to CISA’s notice.
The ransomware gang typically uses common techniques to gain initial access to its victim’s systems, such as phishing or exploiting known software vulnerabilities. From there, Black Basta uses a double-extortion approach, meaning it encrypts its victim’s systems and exfiltrates the data.
Usually, the group’s ransom notes give victims 10-12 days to pay the ransom before it publishes their data.
The group extorted more than $100 million in its first year and a half.
A report released by currency tracking service Elliptic and Corvus Insurance in late November showed that Black Basta had raked in at least $107 million in bitcoin from more than 90 victims.
The average ransom payment was $1.2 million, according to the report. The largest ransom payment was $9 million, and at least 18 payments exceeded $1 million.
The existence of cybergangs like Black Basta means that providers need to take more precautions than ever before.
When a large healthcare provider like Ascension gets hit by a ransomware attack, staff often implement manual workarounds to continue patient care during the incident. But these workarounds can create additional security risks, said Joel Burleson-Davis, senior vice president of worldwide engineering and cyber at digital identity security company Imprivata, during a recent interview.
“When normal systems are compromised, healthcare providers may resort to using unsecured methods to access or share patient information, such as personal devices or manual record-keeping,” he explained. “These practices can increase the risk of data breaches and further compromise patient safety, as they often bypass established security protocols designed to protect patient information.”
When disconnected from secure communication and/or third-party services, an employee may resort to providing sensitive information like passwords or patient data through emails, phone calls or paper notes.
This is risky not only because papers can be misplaced and employees’ phones and emails can be hacked — but also because there have been reports of cybercriminal groups like Black Basta using social engineering attacks, including voice phishing, to gain access to systems, Burleson-Davis declared.
“Without multi-factor authentication or other identity verification methods, a staff member looking to maintain the flow of care may inadvertently open the organization to even greater exploitation by sharing information to an outside party,” he remarked.
Photo: WhataWin, Getty Images