There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024.
This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid7 has observed sustained social engineering attacks. Evidence now suggests that BlackSuit affiliates have either adopted Black Basta’s strategy or absorbed members of the group. The developer(s) of a previously identified Java malware family, distributed during social engineering attacks, have now been assessed as likely initial access brokers, having potentially provided historical access for Black Basta and/or FIN7 affiliates.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Conti Gang Demands $40M Ransom from Florida School District
April 6, 2021
The Conti Gang has demanded a $40 million ransom from a Fort Lauderdale, Fla., school district after a ransomware attack last month. Attackers stole personal information from students and teachers, disrupted the district’s networks, and caused some services to be unavailable. The incident that was discovered on March 7 at Broward County Public Schools drew limited ...
- 2020 Phishing Trends With PDF Files
April 5, 2021
From 2019-20, we noticed a dramatic 1,160% increase in malicious PDF files – from 411,800 malicious files to 5,224,056. PDF files are an enticing phishing vector as they are cross-platform and allow attackers to engage with users, making their schemes more believable as opposed to a text-based email with just a plain link. To lure users ...
- Ransomware gang leaks data from Stanford, Maryland universities
April 3, 2021
Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. The threat actors obtained the documents after hacking the universities’ Accellion File Transfer Appliance (FTA) software used to share and store sensitive information. Data stolen in the attack targeting Stanford Medicine’s ...
- Browser lockers: extortion disguised as a fine
April 2, 2021
Browser lockers (aka browlocks) are a class of online threats that prevent the victim from using the browser and demand a ransom. A locker is a fake page that dupes the user, under a fictitious pretext (loss of data, legal liability, etc.), into making a call or a money transfer, or giving out payment details. ...
- 800Gbps DDoS extortion attack hits gambling company
March 31, 2021
Distributed denial-of-service (DDoS) attacks started strong this year, setting new records and taking the extortion trend that started last August to the next level. Internet security services company Akamai has already dealt with the largest known ransom DDoS (RDDoS) attack, which was also more complex than previously seen incidents of the same type. Bigger, more complex RDDoS Akamai ...
- Financial Cyberthreats in 2020
March 31, 2021
2020 was challenging for everyone: companies, regulators, individuals. Due to the limitations imposed by the epidemiological situation, particular categories of users and businesses were increasingly targeted by cybercriminals. While we were adjusting to remote work and the rest of the new conditions, so were scammers. As a result, 2020 was extremely eventful in terms of ...