The Black Basta ransomware-as-a-service (RaaS) syndicate gathered nearly 50 victims in the United States, Canada, United Kingdom, Australia and New Zealand within two months of its occurrence, making it a great threat in the short time.
"Black Basta targets a variety of industries including manufacturing, construction, transportation, telecommunications, pharmaceuticals, cosmetics, plumbing and heating, car dealerships, underwear manufacturers, etc," Cybereason said in a statement.
Evidence shows that the ransomware strain was still in development as of February 2022 and was only used in attacks from April onwards, after being reported on secret forums with the intention of buying access to the corporate network and making money.
Like other ransomware operations, Black Basta is known for using proven double ransom tactics to steal sensitive data from its targets and threaten to reveal stolen data unless digital payments are made.
Threat-related intrusions use QBot (also known as Qakbot) as a means of collecting data before piercing the network and deploying malware.
Additionally, the actors behind Black Basta have developed a Linux variant designed to attack VMware ESXi virtual machines (VMs) held on corporate servers, putting them on a par with other groups like LockBit, Hive, and Cheerscrypt.
Black Basta is believed to be made up of members belonging to the Conti Group after it ceased operations in response to a major leak that saw its tools and tactics enter the public domain after it allied with Russia in the war against Ukraine. .
The Black Basta ransomware-as-a-service (RaaS) syndicate racked up nearly 50 victims in the US, Canada, UK, Australia and New Zealand within two months of its emergence, making it a prominent threat.
However, evidence indicates that the ransomware strain was still in development as of February 2022 and only began to be used in attacks from April onwards, after being announced on underground forums with the intention of buying and monetizing access to the corporate network. for a share of the profits.
Similar to other ransomware operations, Black Basta is known to employ the tried-and-true double extortion tactic to loot targets' confidential information and threaten to publish the stolen data unless a digital payment is made.
The actors behind Black Basta have developed a variant of Linux designed to attack VMware ESXi virtual machines (VMs) running on corporate servers, putting it on par with other groups such as LockBit, Hive, and Cheerscrypt.
PROTECT YOUR BUSINESS
Cybercriminals are constantly creating new ways to take advantage of employees, infiltrate networks, and steal private information.
We provide the best solution to protect your business against sophisticated cyberattacks. Contact us for more information!