What is Black Basta?

Black Basta is a relatively new family of ransomware, first discovered in April 2022.

Although only active for the past couple of months, the Black Basta ransomware is thought to have already hit almost 50 organisations – first exfiltrating data from targeted companies, and then encrypting files on the firms’ computer systems.

Victims have reportedly been hit in countries around the world including the United States, UK, India, Canada, Australia, New Zealand, and UAE.

50 companies in a couple of months? That sounds like a lot. And then the gang demands money?

Correct. Targeted organisations are presented with a ransom demand after the ransomware has installed itself, encrypted files, and deleted shadow copies and other backups.

If victims want the key to unlock their data, or prevent the Black Basta gang from leaking the data, they need to pay their extortionists a large amount of cryptocurrency.

Who is being hit by the Black Basta ransomware?

The ransomware attacks do not appear to be targeting a specific vertical or industry, with reports of infections at a range of victims including manufacturing, utilities, transport, and government agencies.

These victims will have found that having secure backups is not a complete solution. Backups may help you get your company back up and running again, but they don’t stop Black Basta from publishing data it has stolen from your servers on its site on the dark web.

So what makes Black Basta noteworthy?

Aside from the rapidly growing list of victims and a surfeit of new variants, there are some other things that make the Black Basta ransomware interesting.

Recently, VMware ESXi variants of Black Basta have been discovered that target virtual machines running on Linux servers, alongside the versions which infect Windows systems.

In addition, many of the attacks have …