Black Basta is a ransomware group discovered in early 2022 that has been attacking organizations across the world.

“Targeted organizations are presented with a ransom demand after the ransomware has installed itself, encrypted files, and deleted shadow copies and other backups.” (Tripwire). “If victims want the key to unlock their data, or prevent the Black Basta gang from leaking the data, they need to pay their extortionists a large amount of cryptocurrency.”

This technique, encrypting a victim's data and also threatening to leak it, is known as double extortion. Black Basta is also expanding its methods of attack.

“The emerging ransomware group has continued to improve its attacks: We recently caught it using the banking trojan QakBot as a means of entry and movement, and taking advantage of the PrintNightmare vulnerability (CVE-2021-34527) to perform privileged file operations.” (Trend Micro).

“The cybersecurity community is split regarding whether the Black Basta group is associated with other well-known ransomware gangs or not. What does seem reasonable to believe is that they were, at the very least, inspired by the success of other ransomware-as-a-service operations.” (Tripwire).

Organizations should start taking precautions now in case Black Basta targets them through spear phishing or other methods of infiltration.

“The best advice is to follow the same recommendations we have given on how to protect your organization from other ransomware. Those include: making secure offsite backups, running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities, using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication, encrypting sensitive data wherever possible, reducing the attack surface by disabling functionality that your company does not need, and educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.” (Tripwire).

Sources: 

Tripwire. https://www.tripwire.com/state-of-security/security-data-protection/black-basta-ransomware-what-you-need-to-know/

Trend Micro. https://www.trendmicro.com/en_us/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html