DNS Early Detection - Breaking the Black Basta Ransomware Kill Chain

Aug. 2, 2024, 9:03 a.m.

Description

This intelligence analysis examines the Black Basta ransomware campaign, which has significantly impacted businesses and critical infrastructure across North America, Europe, and Australia. The report highlights Infoblox's ability to identify and block over 78% of the malicious domains associated with Black Basta, on average 59.5 days prior to their availability in open-source intelligence (OSINT) sources. Infoblox's DNS Early Detection capability enabled the proactive blocking of these malicious domains, potentially preventing data theft, legal implications, and other consequences for affected organizations.

Date

  • Created: Aug. 2, 2024, 8:43 a.m.
  • Published: Aug. 2, 2024, 8:43 a.m.
  • Modified: Aug. 2, 2024, 9:03 a.m.

Indicators

  • kekeoamigo.com

Attack Patterns

  • Black Basta - S1070
  • Black Basta

Additional Information

  • Healthcare
  • Government

Linked vulnerabilities