BlackBasta Ransomware Targets U.S. Dermatology Partners in Latest Cyber Attack

Incident Date: July 15, 2024

Overview

Victim: U.S. Dermatology Partners
Attacker: BlackBasta
Location: Dallas, Texas, USA
First Reported: July 15, 2024

Overview of U.S. Dermatology Partners

U.S. Dermatology Partners is one of the largest dermatology practices in the United States, with over 100 locations across eight states, including Arizona, Colorado, Kansas, Maryland, Missouri, Oklahoma, Texas, and Virginia. The practice serves more than 2 million patients annually, offering a comprehensive range of medical, surgical, and cosmetic dermatology services. The organization is known for its patient-first approach and its team of board-certified dermatologists who specialize in areas such as clinical research, psoriasis, and Mohs micrographic surgery.

Details of the Ransomware Attack

The BlackBasta ransomware group has claimed responsibility for a recent cyber attack on U.S. Dermatology Partners. The attackers have not disclosed the specific amount or type of data exfiltrated in this incident. This marks the second time the healthcare provider has been targeted by cybercriminals. Previously, on June 26th, the hacker group BianLian claimed to have exfiltrated 300 GB of sensitive information, including personal data, accounting records, budget and financial data, contract details, non-disclosure agreements (NDAs), and employee profiles.

About BlackBasta Ransomware Group

BlackBasta is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that emerged in early 2022. The group is believed to have connections to the defunct Conti threat actor group. BlackBasta targets organizations in the US, Japan, Canada, the United Kingdom, Australia, and New Zealand using a double extortion tactic. They encrypt critical data and threaten to publish sensitive information on their public leak site if the ransom is not paid. The group employs various strategies to gain initial access, including spear-phishing campaigns, insider information, and buying network access.

Potential Vulnerabilities and Penetration Methods

U.S. Dermatology Partners, like many healthcare providers, is a prime target for ransomware groups due to the sensitive nature of the data they handle. The practice's extensive network of over 100 locations and its large patient base make it a lucrative target. BlackBasta could have penetrated the company's systems through spear-phishing campaigns, exploiting vulnerabilities in their network, or using insider information. Once inside, the group likely used tools like QakBot and Mimikatz for lateral movement and credential harvesting, followed by data exfiltration and encryption.
