U.S. government agencies, such as the FBI, the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, issued an alert Friday about the Black Basta ransomware gang that targets the healthcare industry and 12 of the 16 critical infrastructure sectors, according to The Record, a news site by cybersecurity firm Recorded Future.
Click for more special coverage
The ransomware-as-a-service group usually conducts phishing attacks and known vulnerabilities against organizations but does not ask for payment information or ransom demands immediately, the agencies said.Victims communicate with the group through a unique code or link sent to them and are given between 10 and 12 days to send ransom payment before their stolen data is published.
The advisory warned that tools like the SoftPerfect network scanner are also being used by the group’s affiliates. Other vulnerabilities used by the group include NoPac, PrintNightmare and ZeroLogon.Healthcare organizations “are attractive targets for cybercrime actors due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions,” the agencies warned.
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Cybersecurity firm Guardz reported that between March 18 and April 7, 2025, attackers used the outdated BAV2ROPC protocol, which bypasses MFA and modern protections by enabling non-interactive logins through basic credentials.
Six percent of organizations around the world were compromised with the FakeUpdates malware, also known as SocGholish, making it the most prevalent malicious payload in April, Hackread reports.
Moldovan law enforcement has apprehended a suspected DoppelPaymer ransomware attacker involved in intrusions against Dutch organizations, including the Netherlands Organization for Scientific Research, in 2021, according to The Record.
