Ascension hit by ransomware attack linked to Black Basta
Incident
Summary
Ascension suffered a Black Basta ransomware attack that stole personal and medical information tied to nearly 5.6 million individuals. The intrusion also disrupted access to electronic health records, creating a major operational impact for the healthcare provider. Initial access reportedly began with a malicious link and escalated through Kerberoasting against Active Directory service accounts.
Related Happenings
Pay2Key ransomware campaign accelerated by US-Iran tensions
Campaign
First: 26.03.2026 12:45
Last: 26.03.2026 12:45
Sources 1
About this happening:
Pay2Key's ransomware operation appears to have accelerated amid **recent US-Iran tensions**, indicating an active campaign with broader victimization risk. The group has been acti...
Pay2Key ransomware campaign accelerated by US-Iran tensions
CampaignAbout this happening: Pay2Key's ransomware operation appears to have accelerated amid **recent US-Iran tensions**, indicating an active campaign with broader victimization risk. The group has been acti...
Pay2Key ransomware activity with enhanced evasion and anti-forensics
Malware Activity
First: 26.03.2026 12:45
Last: 26.03.2026 12:45
Sources 1
About this happening:
**Pay2Key** has re-emerged as a **ransomware** threat with enhanced **evasion, execution and anti-forensics** capabilities, increasing the difficulty of detection and response. Th...
Latest development: 31.03.2026 16:31
Iran has revived Pay2Key by recruiting affiliates from Russian cybercriminal forums and positioning the ransomware operation as a punitive arm of the Iranian state against high-impact US targets. KELA says the activity blends ransomware, pseudo-ransomware, and destructive wiper-like behavior, and that Iran-backed APT Agrius is also using Apostle malware, retrofitted from a data wiper into a ransomware variant, to obscure geopolitical motives.
2025 Ransomware trend toward built-in Windows tooling and lower ransom payment rates
Target Trend
First: 17.03.2026 23:41
Last: 17.03.2026 23:41
Sources 1
About this happening:
**Ransomware operators** are increasingly leaning on **built-in Windows tooling** while **ransom payment rates** continue to decline across **2025**, weakening extortion returns f...
SmarterMail initial-access ransomware campaign with delayed encryption
Campaign
First: 18.02.2026 18:27
Last: 18.02.2026 18:27
Sources 1
About this happening:
A **SmarterMail** ransomware campaign is using newly disclosed email-server flaws for **initial access** and delaying encryption, raising the risk that exposed mail systems become...
SmarterTools hit by ransomware attack
Incident
First: 09.02.2026 14:02
Last: 09.02.2026 14:02
Sources 1
About this happening:
**SmarterTools** suffered a **ransomware attack** on **January 29** after attackers used an **unpatched SmarterMail VM** to gain access, disrupting the company’s **office network*...
Latest development: 10.02.2026 12:24
ReliaQuest identified activity likely tied to Warlock on SmarterTools systems that abused CVE-2026-23760 to bypass SmarterMail authentication, stage ransomware payloads on internet-facing systems, and chain the access with the software's built-in Volume Mount feature to gain full system control before installing Velociraptor; CISA also confirmed CVE-2026-24423 was being exploited in ransomware attacks.
Timeline
11.09.2025 17:51 2 articles · 8mo ago
Ascension Black Basta ransomware attack disclosed
Initial Disclosure
Ascension suffered a Black Basta ransomware attack that disrupted access to electronic health records and stole personal and medical information tied to nearly 5.6 million individuals. The intrusion reportedly began when a contractor clicked a malicious link after a Bing search, then escalated through malware infection, insecure Microsoft default settings, and Kerberoasting against Active Directory service accounts.
Sources:
- Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence — thehackernews.com — 11.09.2025 17:51