Cybereason Warns Global Organizations Against Destructive Ransomware Attacks From Black Basta Gang


The Royal Ransomware Group first emerged earlier this year, and so far has victimized dozens of companies around the world. The group appears to be operating under the supervision of other well-known ransomware gangs, including Conti Group. The threat level from Royal attacks is HIGH and organizations should take precautionary steps to avoid falling victim.
Key Report Findings
Ransomware attacks can be stopped. Cybereason offers the following recommendations to organizations to reduce their risk:

  • Practice good security hygiene: For example, implement a security awareness program for employees and ensure operating systems and other software are regularly updated and patched.
  • Confirm key players can be reached at any time of day: Critical response actions can be delayed when attacks occur over holidays and weekends.
  • Conduct periodic table-top exercises and drills: Include key stakeholders from other functions beyond security, such as Legal, Human Resources, IT, and top executives, so everyone knows their roles and responsibilities to ensure as smooth a response as possible.
  • Implement clear isolation practices: This will stop any further ingress on the network and prevent ransomware from spreading to other devices. Security teams should be proficient at things like disconnecting a host, locking down a compromised account, and blocking a malicious domain.
  • Consider locking down critical accounts when possible: The path attackers often take in propagating ransomware across a network is to escalate privileges to the domain admin level and then deploy the ransomware. Teams should create highly secured, emergency-only accounts in Active Directory that are only used when other operational accounts are temporarily disabled as a precaution or inaccessible during a ransomware attack.
  • Deploy EDR on all endpoints: Endpoint detection and response (EDR) remains the quickest way for public and private sector businesses to address the ransomware scourge.

About Cybereason 

Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason Defense Platform provides planetary-scale data ingestion, operation-centric MalOp™ detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.