The U.S. has issued a warning about the Black Basta ransomware group, which is reportedly behind a recent attack on healthcare provider Ascension. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) announced that Black Basta is targeting critical infrastructure sectors, particularly healthcare. The gang, believed to be based in Russia, employs spear-phishing emails and exploits software vulnerabilities to infiltrate systems.
Although the federal agencies have not specified the reasons for their warning, the timing coincides with an ongoing cyberattack against Ascension that began last Wednesday. Ascension has not confirmed the identity of the attackers, but CNN has cited sources indicating that the Black Basta ransomware was used in the hack.
This incident highlights the growing threat ransomware poses to the U.S. healthcare system. Earlier this year, a ransomware attack by another group, ALPHV/Blackcat, affected a UnitedHealth Group subsidiary, causing significant delays at hospitals and pharmacies nationwide. Despite a hefty $22 million ransom payment, the attack severely disrupted services and compromised patient data.
The Ascension attack has similarly disrupted key IT and clinical systems, affecting electronic health records, communication systems, and the management of medical procedures. Some Ascension hospitals have had to divert emergency services to manage patient care effectively.
It remains unclear if Ascension has received a ransom demand or if it intends to pay. As of now, Black Basta has not publicly acknowledged the attack on their dark web site.