There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- REvil ransomware asks $70 million to decrypt all Kaseya attack victims
July 5, 2021
REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected businesses to recover their files. The attack on Friday propagated through Kaseya VSA cloud-based solution used by managed service providers (MSPs) to monitor customer systems and ...
- CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack
July 4, 2021
CISA and the Federal Bureau of Investigation (FBI) continue to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers (MSPs) and their customers. CISA and FBI strongly urge affected MSPs and their customers to follow the guidance below. CISA and FBI recommend affected MSPs: Download the Kaseya ...
- US chemical distributor shares info on DarkSide ransomware data theft
July 3, 2021
World-leading chemical distribution company Brenntag has shared additional info on what data was stolen from its network by DarkSide ransomware operators during an attack from late April 2021 that targeted its North America division. Brenntag is the second largest in sales for North America, according to the ICIS report on the Top 100 Chemical Distributors worldwide. The ...
- CISA: Kaseya VSA Supply-Chain Ransomware Attack
July 2, 2021
CISA is taking action to understand and address the recent supply-chain ransomware attack against Kaseya VSA and the multiple managed service providers (MSPs) that employ VSA software. CISA encourages organizations to review the Kaseya advisory and immediately follow their guidance to shutdown VSA servers. Source: Cybersecurity and Infrastructure Security Agency KASEYA VSA Important Notice July 2nd, 2021 KASEYA VSA ...
- Why Healthcare Keeps Falling Prey to Ransomware and Other Cyberattacks
July 2, 2021
The healthcare industry is under attack like never before. What started as a surge in criminal activity during the early days of the coronavirus pandemic has now metastasized into a full-blown crisis within the healthcare industry worldwide. The recent disruptive ransomware attacks on Scripps Health in San Diego, Ireland’s national health service and Waikato hospitals in ...
- TrickBot Spruces Up Its Banking Trojan Module
July 2, 2021
The TrickBot trojan is adding man-in-the-browser (MitB) capabilities for stealing online banking credentials that resemble Zeus, the early banking trojan, researchers said — potentially signaling a coming onslaught of fraud attacks. TrickBot is a sophisticated (and common) modular threat known for stealing credentials and delivering a range of follow-on ransomware and other malware. But it started ...