How Black Basta Uses ZoomInfo & RocketReach to Target Businesses
Cybercriminals aren’t just hacking anymore—they’re doing research. Groups like Black Basta, one of the most aggressive ransomware gangs today, are using business tools like ZoomInfo and RocketReach to gather employee data and launch targeted attacks.
A major case? The Ascension Health cyberattack in May 2024. Hospitals across the U.S. faced serious disruptions. The attack likely began with simple employee lookups on data broker platforms.
If your company data is easy to find online, you’re giving attackers exactly what they want.
Here’s how ransomware groups like Black Basta use these tools—and how to protect your business before it’s too late.
What Is Black Basta and How Do They Work?
Black Basta runs a ransomware-as-a-service (RaaS) operation. They’ve been active since 2022, mainly hitting healthcare, finance, government, and private businesses.
Their attacks follow a double-extortion model:
Encrypt a company’s files.
Threaten to leak the data if no ransom is paid.
Before any of that happens, they do weeks of research. That’s where data brokers come in.
How Cybercriminals Use ZoomInfo, RocketReach, and Clearbit
Tools like ZoomInfo, RocketReach, and Clearbit collect and sell business contact data. They’re meant for sales teams, but hackers use them too.
Here’s what these platforms give attackers:
Full names, job titles, and company hierarchy
Work emails, phone numbers, and LinkedIn profiles
Company size, industry, and revenue
Email formats that help guess login credentials
This data makes it easy to:
Find IT admins, HR staff, and top executives
Launch spear-phishing attacks with personalized emails
Bypass security by using social engineering
Target employees involved in payments or access control
This isn’t theoretical. It’s exactly how spear phishing and ransomware attacks start.
The Ascension Health Cyberattack: What Happened?
In May 2024, Ascension Health, one of the largest nonprofit hospital networks in the U.S., was hit by a ransomware group. Investigators have linked the breach to Black Basta ransomware.
The attackers didn’t guess. They targeted specific employees, likely using data from ZoomInfo or RocketReach.
Once they had enough information, they crafted emails that looked real—just enough to trick someone into handing over credentials.
This attack shows one thing clearly: data broker abuse is a major risk.
Protect Your Company from Data Broker Exploitation
1. Remove Company Info from Data Brokers
Start by removing your employee data from ZoomInfo, RocketReach, and other broker sites. It’s one of the best defenses against targeted attacks.
Use a professional data removal service that scans and scrubs your company information regularly.
One example:
MePrism Privacy – a platform that uses automation to monitor and remove employee data from broker databases, including people-search sites. It helps reduce exposure and keeps your data off hacker-friendly platforms.
Want to get started? Create an account now and begin removing your company’s data today.
2. Train Employees to Spot Spear Phishing
Even if your data is removed, people can still fall for tricks. Teach your team how to spot phishing emails and social engineering tactics.
Focus your training on:
Recognizing fake requests and urgent email language
Verifying anything that involves credentials or payments
Using password managers and strong, unique passwords
Reporting anything suspicious immediately
Most attacks start with one person clicking the wrong link. Don’t let that be your team.
3. Strengthen Your Cybersecurity Defenses
Your systems matter too. These basics make it harder for criminals to get through:
Enable multi-factor authentication (MFA) across all accounts.
Use AI-based email filtering to catch threats before they hit inboxes.
Keep software updated to patch known vulnerabilities.
Remove employee directories from your public-facing website.
The goal is simple: make it harder for attackers to get what they want.
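The warning signs from the training list above (urgent language, requests that involve credentials or payments) and the email filtering step can be combined into a simple triage rule. The Python sketch below is an added example, not code from MePrism or any filtering vendor; the organization domain, staff names, keyword lists, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumed organization domain
# Assumed names of staff whose details appear in broker listings (constructed).
EXPOSED_STAFF = {"dana whitfield", "marcus oyelaran"}
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|end of day)\b", re.I)
SENSITIVE = re.compile(r"\b(password|credentials?|log ?in|wire|invoice|payment)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw):
    """Return the warning signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    signals = []
    if domain != ORG_DOMAIN and name.strip().lower() in EXPOSED_STAFF:
        signals.append("display-name-impersonation")
    if 0 < edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike-domain")
    if URGENCY.search(text):
        signals.append("urgent-language")
    if SENSITIVE.search(text):
        signals.append("credential-or-payment-request")
    return signals

def needs_verification(raw):
    """Hold for out-of-band checks when a sender signal meets a content signal."""
    found = set(triage(raw))
    sender = found & {"display-name-impersonation", "lookalike-domain"}
    return bool(sender and found & {"urgent-language", "credential-or-payment-request"})

# Constructed sample messages (not real mail).
SPOOFED = ("From: Dana Whitfield <dana.whitfield@examp1e.com>\nTo: ap@example.com\n"
           "Subject: Urgent wire today\n\nPlease process the attached invoice immediately.\n")
ROUTINE = ("From: Dana Whitfield <dana.whitfield@example.com>\nTo: ap@example.com\n"
           "Subject: Lunch menu\n\nThe cafeteria menu for next week is attached.\n")
```

Heuristics like these sit alongside SPF, DKIM, and DMARC enforcement, which is what catches mail that forges your real domain in the From header.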
4. Monitor for Leaked or Compromised Data
Even if you’ve cleaned up your presence, data leaks can still happen.
Use tools like:
Google Alerts to monitor for company email mentions
Have I Been Pwned? to check if employee emails have been in breaches
Dark web monitoring tools to find exposed credentials or internal files
Ongoing monitoring is part of good digital hygiene.
Don’t Wait for a Breach
Groups like Black Basta are getting smarter—and they’re using legitimate tools to carry out their attacks. If employee data is available online, your business is already exposed.
Here’s what to do now:
Remove your data from broker sites using a service built for businesses
Create a MePrism account and start removing exposed employee records
Train your team
Use MFA, filters, and monitoring
Keep checking for new exposures
This is how to stop ransomware before it starts.
When you use mePrism, you’re not only getting cutting-edge privacy tools and expert support; you’re also joining a community that believes in a safer, more private internet for everyone. With professional rigor and an accessible approach, we empower you to take control of your digital life and reclaim the freedom that comes with true privacy. Your data, your decisions – that’s the promise we stand behind every day.
Ready to Try It?
You can get started for free — no credit card needed.
Click here to create your Free Basic account.