Black Basta ransomware is out and about, again.
N2K, Oct 18, 2023

Black Basta surfaces in an attack on an advertising manager.

Black Basta ransomware has surfaced in some recent attacks against high-profile targets. The gang, generally believed to be affiliated with the FIN7 criminal group, claimed over the weekend to have successfully compromised Ampersand, a large seller of television advertising. Ampersand is owned by the US T.V. service providers Comcast Corporation, Charter Communications, and Cox Communications.

The response to, and potential effect of, Black Basta's attack.

The Record quotes Ampersand as saying that it’s dealing with the incident. The company said, “Ampersand recently experienced a ransomware incident that briefly interrupted regular operations. We have restored a majority of normal business operations and are working with third-party advisors and law enforcement to address this issue.”

It’s unclear what data were taken, but Ampersand provides viewership data to advertisers from roughly 85 million households.

In some respects, this is return criminal business.

Kevin Kirkwood, Deputy CISO at LogRhythm, offered some perspective from recent ransomware history. "This week," he wrote in emailed comments, "TV advertising sales and technology industry leader, Ampersand, revealed that they have suffered a ransomware attack. While it is still unclear what data has been breached, the Black Basta ransomware gang has claimed responsibility. In recent years, all three companies under Ampersand’s ownership have experienced cybersecurity incidents. In 2021, Cox dealt with a ransomware attack from Iranian actors, Charter suffered a data breach exposing 550,000 customer details through a third party, and Comcast faced a wave of account hacking reports from its customers in December."

And he offers some advice, no less sound for being familiar. "As long as threat actors continue to exploit vulnerabilities in defense systems, these organizations remain at risk. To mitigate these threats, organizations should implement a comprehensive cybersecurity posture consisting of incident and response plans as well as preventative measures. This includes threat detection, password hygiene, comprehensive backups, prioritizing end-user training, and regular patching. Adopting these practices will allow organizations to build a strong cybersecurity defense and protect customer data."