Black Basta may be an all-star ransomware gang made up of former Conti and REvil members

The group has targeted 50 businesses from English speaking countries since April 2022.

Image: normalfx/Adobe Stock

Earlier this month, a report surfaced that the former ransomware group Conti had split up, with many members of the collective joining or creating new adversary factions, and argued that this made those former members more dangerous than ever. As of today, that may have become reality. A new ransomware group by the name of Black Basta has become notable in the ransomware game, having formed in April 2022 and being believed to be made up of former Conti and REvil members.

The current members of Conti, however, dispute any involvement with the new group, dismissing Black Basta as simply “kids” on Conti’s hacking forum.

Findings released today by XDR company Cybereason detail the activities of this new gang, along with ways that both companies and individuals can attempt to stay safe from the activities of this newly formed group.

Black Basta emerging as a ransomware group

To start, the hacking collective has already victimized 50 organizations in the United States, United Kingdom, Australia, New Zealand and Canada in the short time it has been around. Cybereason says it believes that former members of some of the preeminent hacking groups make up the new gang due to the nature of their attacks and their chosen targets.

“Since Black Basta is relatively new, not a lot is known about the group,” said Lior Div, Cybereason CEO and co-founder. “Due to their rapid ascension and the precision of their attacks, Black Basta is likely operated by former members of the defunct Conti and REvil gangs, the two most profitable ransomware gangs in 2021.”

The ransomware employed by Black Basta is new, according to Cybereason, and uses double extortion: the gang steals a victim organization’s files and then threatens to publish them if the ransom demands are not met. The group allegedly has been demanding up to millions of dollars from its victims to keep the stolen data private, according to Cybereason.

The attack itself is carried out in partnership with the QBot malware, which streamlines the ransomware process for groups such as Black Basta by easing reconnaissance and data collection on the target. Once Black Basta has carried out enough surveillance, the gang targets the Domain Controller and moves laterally using PsExec.

The adversary then disables Windows Defender and any other antivirus software by means of a compromised Group Policy Object. Once the defensive software has been disabled, Black Basta deploys the ransomware using an encoded PowerShell command that leverages Windows Management Instrumentation to push the ransomware out to IP addresses specified by the group.
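The two deployment steps above, PsExec lateral movement and encoded PowerShell launched through WMI, leave recognisable traces in process-creation telemetry. The following is an added detection example, not code from the article or from Cybereason; it assumes Sysmon-style process-creation records shaped like the constructed samples below (the field names, host names and placeholder script are all hypothetical).

```python
import base64
import re

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...),
# so the pattern enumerates every prefix rather than only the common spellings.
_ENC_PREFIXES = "|".join("encodedcommand"[:i] for i in range(1, 15))
ENCODED_FLAG = re.compile(r"(?i)\s-(?:" + _ENC_PREFIXES + r")\s+([A-Za-z0-9+/=]+)")


def decode_encoded_command(blob):
    """Decode a -EncodedCommand argument: base64 over UTF-16LE text, or None if malformed."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage(events):
    """Return (host, rule, detail) findings for a list of process-creation records."""
    findings = []
    for ev in events:
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        parent = ev["parent"].rsplit("\\", 1)[-1].lower()
        # PsExec drops and starts its PSEXESVC service on the remote host.
        if image == "psexesvc.exe" or parent == "psexesvc.exe":
            findings.append((ev["host"], "psexec_service", image))
        # Encoded PowerShell whose parent is the WMI provider host matches the
        # remote-deployment pattern described in the article; decode it for the analyst.
        m = ENCODED_FLAG.search(ev["cmd"])
        if image.startswith("powershell") and m and parent == "wmiprvse.exe":
            script = decode_encoded_command(m.group(1))
            findings.append((ev["host"], "wmi_encoded_powershell", script or "<undecodable>"))
    return findings


# Constructed sample records (not real telemetry). The encoded command is a
# harmless placeholder script built here so the decoder has something to show.
_PLACEHOLDER = base64.b64encode("Write-Output 'placeholder'".encode("utf-16le")).decode()
SAMPLE_EVENTS = [
    {"host": "ws-042", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1"},
    {"host": "srv-fs01", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\PSEXESVC.exe", "cmd": "C:\\Windows\\PSEXESVC.exe"},
    {"host": "srv-fs01", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmd": "powershell.exe -nop -w hidden -enc " + _PLACEHOLDER},
]
```

Running `triage(SAMPLE_EVENTS)` flags the PSEXESVC start and the WMI-spawned encoded PowerShell on srv-fs01, while the ordinary `-ExecutionPolicy` invocation on ws-042 is left alone.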

How can organizations protect themselves from this ransomware?

As always, employing a zero trust architecture can help prevent these types of attacks from affecting an organization. By not trusting any file or link until it has been adequately verified as legitimate, businesses and their employees can save a great deal of time and headache by doing everything they can to avoid falling victim. Keeping all system patches up to date helps with this as well: ransomware groups have been found to take advantage of vulnerabilities in outdated software, such as the Windows Print Spooler exploit observed in May 2022. Lastly, always ensure that all antivirus software is up to date as well.
