We're finding out more about the Black Basta ransomware organization, which has extorted more than 50 businesses worldwide since it started operating in April 2022.
Cybereason is sounding the alarm, categorizing its Black Basta threat alert as “highly dangerous/severe,” in accordance with Federal Bureau of Investigation (FBI) and U.S. Department of Justice (DOJ) classification.
According to Cybereason, the initial members of Black Basta were part of the recently defunct Conti hacker organization. Black Basta has reportedly demanded as much as $2 million from some businesses, using double extortion techniques against VMware running on Linux servers.
Double extortion occurs when hackers break into a victim's network, move laterally through the business to steal confidential data, and then threaten to release the material if the ransom demand isn't met.
Black Basta can steal documents before they are encrypted on the company's systems. The group then demands a ransom to stop the data from being exposed and to provide a decryptor to unlock the material.
Here are key findings from the Cybereason report:
- Targets VMware ESXi. Black Basta’s Linux variant targets VMware ESXi virtual machines (VMs) running on enterprise Linux servers.
- High Severity. The Cybereason Nocturnus Team assesses the threat level as “high severity” given the destructive potential of the attacks.
- Targeting English-Speaking Countries. Black Basta is specifically targeting the United States, Canada, United Kingdom, Australia and New Zealand.
- Targeting Wide Range of Industries. Black Basta is targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers and more.
- Human Operated Attack. Prior to the deployment of the ransomware, the attackers attempt to infiltrate and move laterally throughout the organization, carrying out a fully-developed RansomOps attack.
“Since Black Basta is relatively new, not a lot is known about the group. Due to their rapid ascension and the precision of their attacks, Black Basta is likely operated by former members of the defunct Conti and REvil gangs, the two most profitable ransomware gangs in 2021.”
Cybereason is a Boston-based XDR company partnering with defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem.