How Black Basta Uses ZoomInfo & RocketReach to Target Businesses

Cybercriminals aren’t just hacking anymore—they’re doing research. Groups like Black Basta, one of the most aggressive ransomware gangs today, are using business tools like ZoomInfo and RocketReach to gather employee data and launch targeted attacks.

A major case? The Ascension Health cyberattack in May 2024. Hospitals across the U.S. faced serious disruptions. The attack likely began with simple employee lookups on data broker platforms.

If your company data is easy to find online, you’re giving attackers exactly what they want.

Here’s how ransomware groups like Black Basta use these tools—and how to protect your business before it’s too late.

What Is Black Basta and How Do They Work?

Black Basta runs a ransomware-as-a-service (RaaS) operation. They’ve been active since 2022, mainly hitting healthcare, finance, government, and private businesses.

Their attacks follow a double-extortion model:

• Encrypt a company’s files.

• Threaten to leak the data if no ransom is paid.

Before any of that happens, they do weeks of research. That’s where data brokers come in.

How Cybercriminals Use ZoomInfo, RocketReach, and Clearbit

Tools like ZoomInfo, RocketReach, and Clearbit collect and sell business contact data. They’re meant for sales teams, but hackers use them too.

Here’s what these platforms give attackers:

• Full names, job titles, and company hierarchy

• Work emails, phone numbers, and LinkedIn profiles

• Company size, industry, and revenue

• Email formats that help guess login credentials

This data makes it easy to:

• Find IT admins, HR staff, and top executives

• Launch spear-phishing attacks with personalized emails

• Bypass security by using social engineering

• Target employees involved in payments or access control

This isn’t theoretical. It’s exactly how spear phishing and ransomware attacks start.

The Ascension Health Cyberattack: What Happened?

In May 2024, Ascension Health, one of the largest nonprofit hospital networks in the U.S., was hit by a ransomware group. Investigators have linked the breach to Black Basta ransomware.

The attackers didn’t guess. They targeted specific employees, likely using data from ZoomInfo or RocketReach.

Once they had enough information, they crafted emails that looked real—just enough to trick someone into handing over credentials.

This attack shows one thing clearly: data broker abuse is a major risk.

Protect Your Company from Data Broker Exploitation

1. Remove Company Info from Data Brokers

Start by removing your employee data from ZoomInfo, RocketReach, and other broker sites. It’s one of the best defenses against targeted attacks.

Use a professional data removal service that scans and scrubs your company information regularly.

One example:
MePrism Privacy – a platform that uses automation to monitor and remove employee data from broker databases, including people-search sites. It helps reduce exposure and keeps your data off hacker-friendly platforms.

Want to get started? Create an account now and begin removing your company’s data today.

2. Train Employees to Spot Spear Phishing

Even if your data is removed, people can still fall for tricks. Teach your team how to spot phishing emails and social engineering tactics.

Focus your training on:

• Recognizing fake requests and urgent email language

• Verifying anything that involves credentials or payments

• Using password managers and strong, unique passwords

• Reporting anything suspicious immediately

Most attacks start with one person clicking the wrong link. Don’t let that be your team.

3. Strengthen Your Cybersecurity Defenses

Your systems matter too. These basics make it harder for criminals to get through:

• Enable multi-factor authentication (MFA) across all accounts.

• Use AI-based email filtering to catch threats before they hit inboxes.

• Keep software updated to patch known vulnerabilities.

• Remove employee directories from your public-facing website.

The goal is simple: make it harder for attackers to get what they want.

4. Monitor for Leaked or Compromised Data

Even if you’ve cleaned up your presence, data leaks can still happen.

Use tools like:

• Google Alerts to monitor for company email mentions

• Have I Been Pwned? to check if employee emails have been in breaches

• Dark web monitoring tools to find exposed credentials or internal files

Ongoing monitoring is part of good digital hygiene.

Don’t Wait for a Breach

Groups like Black Basta are getting smarter—and they’re using legitimate tools to carry out their attacks. If employee data is available online, your business is already exposed.

Here’s what to do now:

• Remove your data from broker sites using a service built for businesses

• Create a MePrism account and start removing exposed employee records

• Train your team

• Use MFA, filters, and monitoring

• Keep checking for new exposures

This is how to stop ransomware before it starts. When you use mePrism, you’re not only getting cutting-edge privacy tools and expert support; you’re also joining a community that believes in a safer, more private internet for everyone. With professional rigor and an accessible approach, we empower you to take control of your digital life and reclaim the freedom that comes with true privacy. Your data, your decisions – that’s the promise we stand behind every day.

Explore more from Our Team

Browse more posts written by our team to help you stay in control.