Cybersecurity Threat Advisory: Black Basta Ransomware Group Threat

A new critical security alert requires the mission-critical community’s immediate attention.

Advisory Overview

The Black Basta ransomware group is revamping an older malware known as Qbot, Qakbot, and Pinkslipbot to exploit the Microsoft Exchange server. A successful attack will enable cyberattackers to gain target network access, collect critical personal information, and encrypt the network. MCP recommends updating all vulnerable Microsoft Exchange servers in your environment as soon as possible to avoid potential impact.

What Is the Threat?

A Microsoft Exchange server vulnerability exists. By exploiting an unpatched server, one can gain access to the server and collect banking credentials, and other financial information, and encrypt networks. Experts reported that cyberattackers are evading antivirus detection by disabling Windows Defender.

What Is the Risk?

When exploited, this vulnerability enables cyberattackers to have complete and unrestricted access to the target network, potentially leading to a ransomware event that can cause temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses, and potential harm to an organization’s reputation.

What Are the Recommendations?

MCP recommends the following actions to limit the impact of an arbitrary code execution attack:

• Monitor external access to your networks and update all vulnerable Microsoft Exchange servers in your environment as soon as possible.
• Keep all servers updated to enforce security measures.
• Continue to stay up to date with our threat advisories to avoid potential threats.

If you are looking for guidance, please reach out. MCP offers a comprehensive cybersecurity solutions suite for critical infrastructure organizations to help them determine their network, data, and application vulnerabilities. We can help you develop a complete cyberattack prevention strategy. Contact us today to learn more.

References

• Black Basta Ransomware Teams Up with Malware Stalwart Qbot | Threatpost

• Microsoft: Exchange servers hacked to deploy BlackCat ransomware (bleepingcomputer.com)