The hacking group that reportedly attacked St. Louis-based Ascension typically gives victims between 10 to 12 days to pay ransom before leaking their data.
Black Basta ransomware was used to hack the 140-hospital system, CNN reported May 10, citing four unnamed sources. Black Basta affiliates usually send a ransom note — without a monetary demand — asking the victim to contact the group through the anonymous browser Tor, HHS and two other federal agencies said May 10. The cybercriminal gang has been targeting the healthcare industry.
"Typically, the ransom notes give victims between 10 and 12 days to pay the ransom before the ransomware group publishes their data on the Black Basta Tor site, Basta News," the HHS notice said.
Ascension took IT systems offline following the May 8 hack, causing ambulance diversions and canceled appointments at its hospitals around the country. An Ascension spokesperson said May 13 the health system continues to respond to the ransomware attack but did not name the group responsible.
The Black Basta group uses phishing and exploitation of known vulnerabilities to access networks, then deploys a "double extortion" model, both encrypting systems and stealing data, according to the HHS alert.