Black Basta Besting Your Network?


This post was written with contributions from Chris Caridi and Kat Weinberger.


IBM Security X-Force has been tracking the activity of Black Basta, a new ransomware group that first appeared in April 2022. To date, this group has claimed 29 different victims across multiple industries using a double extortion strategy, in which the attackers not only execute ransomware but also steal data and threaten to release it publicly if the ransom demands are not met. The data disclosure element of these attacks takes place on a data leak site available on the Tor network. To pressure the victim into paying the ransom, the operators of Black Basta gradually release stolen data on the leak site.


The Black Basta group is still in the early stages of its organization, and X-Force has not observed any attempts to advertise the malware or hire affiliates on underground forums. Due to operational similarities and the absence of affiliation attempts, it has been reported that Black Basta may be a rebranded version of the Conti gang, a well-known ransomware group that already has affiliates. However, the Conti group announced on May 12 that they had no affiliations with the Black Basta ransomware group. X-Force’s assessment of the possible relationship between these groups is ongoing.


The Black Basta ransomware variant acts at such a high speed that it rarely causes symptoms that would tip off defenders to the compromise before the ransomware has been deployed.


This blog post will de ..
