We’re learning more about a new ransomware group called Black Basta, which has extorted more than 50 companies globally since becoming active in April 2022.
Cybereason is sounding a loud alarm, categorizing its Black Basta threat alert as “highly dangerous/severe,” in accordance with Federal Bureau of Investigation (FBI) and U.S. Department of Justice (DOJ) classification.
Black Basta Traces Lineage to Conti Hacking Group
Black Basta is composed of founding members of the recently disbanded Conti hacking group, according to Cybereason. Using double extortion schemes via VMware running on Linux servers, Black Basta has reportedly demanded as much as $2 million from some companies.
Double extortion works when attackers penetrate a victim’s network, steal sensitive information by moving laterally through organizations and threaten to publish the stolen data unless the ransom demand is paid, Cybereason explains.
Black Basta steals data, including documents, before it is encrypted on the company’s systems. The group then demands a ransom in exchange for not leaking the data and for a decryptor to unlock it.
“High Severity” Attacks on a Wide Range of Industries
Here are key findings from the Cybereason report:
Lior Div, Cybereason CEO and Co-founder, commented on the ongoing situation:
“Since Black Basta is relatively new, not a lot is known about the group. Due to their rapid ascension and the precision of their attacks, Black Basta is likely operated by former members of the defunct Conti and REvil gangs, the two most profitable ransomware gangs in 2021.”
Cybereason is a Boston-based XDR company partnering with defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem.
Check out the Cybereason research and the media alert.