Black Basta Ransomware

May 29

Black Basta ransomware is toying with critical infrastructure providers, authorities say

Black Basta ransomware has targeted healthcare and other critical infrastructure providers in recent months, impacting more than 500 organizations around the world as of this month, the FBI and CISA warned Friday in a joint advisory with the Department of Health and Human Services and MS-ISAC. The alert comes just after a ransomware attack hit Ascension, a major healthcare provider that was forced to divert patients last week.

Black Basta ransomware has targeted 12 of the 16 government-designated critical infrastructure sectors. Federal authorities have also linked the ransomware-as-a-service group to exploitation of critical vulnerabilities in ConnectWise ScreenConnect since February. 

Black Basta is using a social engineering campaign to target managed detection and response security tool users, according to research released Friday by Rapid7. Users have been prompted to download remote management tools, such as Any Desk or Microsoft’s Quick Assist feature.

(Source: Cybersecurity Dive)

Northern California city suffers second cyberattack in less than a month

The City of St. Helena, California, on Monday suffered a cyberattack that forced officials to shut down the city’s computer systems and public library as a cautionary measure.

The city, which sits about 65 miles north of San Francisco in Napa Valley, is working with the Northern California Computer Crimes Task Force, a company that provides computer forensic assistance to law enforcement agencies, to investigate the cyberattack, according to an emailed statement from the city. According to the statement, upon initial review, the cyberattack may have compromised more than 20 computers and a network server.

The city said its antivirus system blocked numerous attacks starting at 1:30 a.m. on Monday and that the virus appears similar to one that has struck other cities in California, including Oakley, which suffered a cyberattack in February.

The city claims the cyberattack did not affect water and wastewater plants or emergency services because they operate on separate networks.

(Source: Statescoop)