Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Black Basta Ransomware Uses Phishing Flood to Compromise Orgs

    Black Basta Ransomware Uses PhishingRapid7 reports an interesting social engineering scheme that easily bypasses content filtering defenses and creatively uses a fake help desk to supposedly “help” users put down the attack.

    The Black Basta ransomware group, also covered in a recent CISA warning bulletin, floods a victim’s email inbox with many, many emails. The emails are often otherwise legitimate emails, such as newsletter confirmation emails, which most email content filtering gateways would not block. The ransomware gang then makes contact with the victim, pretends to be the victim’s legitimate IT help desk, and offers help.

    That help includes the “help desk’s” need to install legitimate remote management software. The attacker then uses the remote access to install other malware and to compromise other systems. Like most ransomware groups, the end objective often includes encrypted files, operational interruption and exfiltrated data.

    Defenses

    Defenses include:

    • Educate your users about these types of tactics.
    • Educate users to report incidents of mass email spam flooding to IT security operations, even if emails appear to be legitimate or are made up of spam versus traditional phishing lures.
    • Ensure all users understand how your IT department would contact them and how remote control assistance would be performed if needed.
    • As Rapid7 recommends, it can’t hurt to blocklist common remote management software services so they cannot be used in unauthorized connections.

    Security awareness training includes making all users aware of the many types of social engineering schemes. Black Basta adds one more scenario that users should be aware of.

     

    Return To KnowBe4 Security Blog

    Free Ransomware Simulator Tool

    Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

    KnowBe4’s "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

    RansIm-Monitor3Here's how it works:

    • 100% harmless simulation of real ransomware and cryptomining infections
    • Does not use any of your own files
    • Tests 25 types of infection scenarios
    • Just download the install and run it 
    • Results in a few minutes!

    Get RanSim!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/ransomware-simulator

    Topics: Social Engineering, Phishing, Ransomware

    Roger Grimes

    ABOUT ROGER GRIMES

    Roger A. Grimes is Data-Driven Defense Evangelist at KnowBe4. He is a 30-year computer security professional, author of 13 books and over 1,200 national magazine articles. He frequently consults with international organizations of all sizes and many of the world’s militaries. Grimes regularly presents at national computer security conferences, and is known for his often contrarian, fact-filled viewpoints.

    Read more from Roger »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews