Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

Roger Grimes | May 16, 2024

Black Basta Ransomware Uses PhishingRapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.

The Black Basta ransomware group, also covered in a recent CISA warning bulletin, floods a victim’s email inbox with many, many emails. The emails are often otherwise legitimate emails, such as newsletter confirmation emails, which most email content filtering gateways would not block. The ransomware gang then makes contact with the victim, pretends to be the victim’s legitimate IT help desk, and offers help.

That help includes the “help desk’s” need to install legitimate remote management software. The attacker then uses the remote access to install other malware and to compromise other systems. Like most ransomware groups, the end objective often includes encrypted files, operational interruption and exfiltrated data.

Defenses

Defenses include:

  • Educate your users about these types of tactics.
  • Educate users to report incidents of mass email spam flooding to IT security operations, even if emails appear to be legitimate or are made up of spam versus traditional phishing lures.
  • Ensure all users understand how your IT department would contact them and how remote control assistance would be performed if needed.
  • As Rapid7 recommends, it can’t hurt to blocklist common remote management software services so they cannot be used in unauthorized connections.

Security awareness training includes making all users aware of the many types of social engineering schemes. Black Basta adds one more scenario that users should be aware of.

Test Your Network’s Defenses with our Free Ransomware Simulator

When employees bypass guidance and fall for social engineering, your network security is the last line of defense. Run our 100% harmless RanSim tool on Windows 10+ workstations to safely simulate 25 ransomware and cryptomining infection scenarios, pinpoint technical vulnerabilities, and get your results in minutes.

Launch Your Free Ransomware Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.