DNS Early Detection – Breaking the Black Basta Ransomware Kill Chain
ID: a3bf091e-efff-5bf3-bf9d-5c0ddb842540
STIX ID: report--a3bf091e-efff-5bf3-bf9d-5c0ddb842540
Feed Name: Infoblox Threat Intel Blog
**Executive Summary:** This Infoblox bulletin summarizes the Black Basta ransomware campaign, active since April 2022, which has impacted critical infrastructure, particularly healthcare, using phishing and exploitation of known vulnerabilities to perform double extortion. It maps MITRE ATT&CK TTPs, lists malicious domains, and demonstrates that Infoblox DNS early detection flagged ~78% of those domains an average of 59.5 days before OSINT. It recommends Protective DNS and threat-intel feeds to mitigate risk.
