Black Basta is a ransomware group first spotted in April 2022.
To date, more than 500 organizations in North America, Europe, and Australia have been impacted; Black Basta affiliates gain initial access through common methods such as phishing, Qakbot, Cobalt Strike, and exploitation of known vulnerabilities.
Black Basta is noted for its use of double extortion techniques, where the group demands payment for the decryption and non-release of stolen data.
Black Basta is also known to exploit various vulnerabilities for initial access, privilege escalation, and lateral movement.
The tools the Black Basta group is known to abuse include malware, adversary emulation frameworks, and legitimate administrative tools.
Once inside, the bad actors move laterally within the network to identify critical systems and data before deploying ransomware.
Black Basta has been associated with the FIN7 threat actor due to similarities in custom modules for evading Endpoint Detection and Response (EDR) systems.
The Black Basta infection chain usually starts with a spear phishing email campaign that delivers a malicious link or attachment to the victim.
Black Basta uses the ChaCha20 algorithm to encrypt files, and the ransomware binary runs vssadmin.exe to delete Volume Shadow Copies so the system cannot be restored from them.
Qualys Endpoint Detection and Response (EDR) customers can use hunting queries to detect suspicious activities associated with Black Basta ransomware.
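The shadow-copy deletion described above is one of the most reliable hunting signals for this family. The following is an added example, not Qualys code or a query from the original page: a small Python hunter that runs over constructed process-creation events (the field names, hostnames and paths are assumptions) and flags any `vssadmin.exe` invocation that deletes shadow copies, normalizing case, quoting and spacing so trivial command-line variations do not slip past the match.

```python
import re
from dataclasses import dataclass

@dataclass
class ProcessEvent:
    """One process-creation record; field names are assumed, not a real schema."""
    host: str
    parent_image: str
    image: str
    command_line: str

def normalize_command_line(cmd: str) -> str:
    """Strip quotes, collapse whitespace and lowercase so variants compare equal."""
    return re.sub(r"\s+", " ", cmd.replace('"', "")).strip().lower()

# Matches the shadow-copy deletion verb regardless of extra switches (/all, /quiet).
DELETE_SHADOWS = re.compile(r"\bdelete\s+shadows\b")

def is_shadow_copy_deletion(ev: ProcessEvent) -> bool:
    """True when vssadmin.exe is asked to delete shadow copies."""
    image_name = ev.image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if image_name != "vssadmin.exe":
        return False
    return DELETE_SHADOWS.search(normalize_command_line(ev.command_line)) is not None

def hunt(events: list[ProcessEvent]) -> list[dict]:
    """Return one finding per matching event, keeping parent context for triage."""
    return [
        {"host": ev.host, "parent": ev.parent_image, "command_line": ev.command_line}
        for ev in events
        if is_shadow_copy_deletion(ev)
    ]

# Constructed sample telemetry (not real logs): two hits, one benign listing, one decoy.
SAMPLE_EVENTS = [
    ProcessEvent("WS01", r"C:\Users\user\AppData\Local\Temp\update.exe",
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe delete shadows /all /quiet"),
    ProcessEvent("WS02", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\SysWOW64\vssadmin.exe",
                 r'"C:\Windows\SysWOW64\vssadmin.exe"   DELETE   Shadows  /All'),
    ProcessEvent("SRV01", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\vssadmin.exe",
                 "vssadmin.exe list shadows"),
    ProcessEvent("SRV01", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\notepad.exe",
                 "notepad.exe delete shadows.txt"),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

A finding whose parent is not a shell or backup agent, as in the first sample event, is the kind of context a triage analyst would escalate first.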