There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Israeli hospital targeted by ransomware attack
October 13, 2021
The Hillel Yaffe Medical Center in Hadera has been targeted by a ransomware attack that affected the computer systems of the hospital, the medical center announced on Wednesday. The attack occurred without any prior warning. Since the attack, the hospital has using alternate systems in the meantime while treating patients. The hospital is operating as normal, ...
- Russia and China left out of global anti-ransomware meetings
October 13, 2021
The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat. Publicly disclosed ransomware payments have reached more than $400 million globally in 2020 and over $81 million in the ...
- Olympus US systems hit by cyberattack
October 12, 2021
Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada, and Latin America) following a cyberattack that hit its network Sunday, October 10, 2021. “Upon detection of suspicious activity, we immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority ...
- Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha
October 12, 2021
Ecuador’s largest private bank Banco Pichincha has suffered a cyberattack that disrupted operations and taken the ATM and online banking portal offline. The cyberattack occurred over the weekend, causing the bank to shut down portions of their network to prevent the attack’s spread to other systems. Read more… Source: Bleeping Computer
- Pacific City Bank discloses ransomware attack claimed by AvosLocker
October 11, 2021
Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month. The bank is circulating notices to inform its clients of a security breach it identified on August 30, 2021, which they claim to have addressed promptly. Read more… Source: Bleeping Computer
- Ukrainian police arrest DDoS operator controlling 100,000 bots
October 11, 2021
Ukrainian police have arrested a hacker who controlled a 100,000 device botnet used to perform DDoS attacks on behalf of paid customers. DDoS for hire The threat actor was arrested at his home in Prykarpattia where he was allegedly using the botnet to perform DDoS attacks or to support other malicious activity for his clients. This activity included ...