Black Basta could be an all-star ransomware gang consisting of former members of Conti and REvil


The group has targeted 50 businesses in English-speaking countries since April 2022.

Earlier this month, reports appeared that the old ransomware group Conti had broken up, with many members of the collective joining or creating new rival factions, along with explanations of why that makes these former members more dangerous than ever. As of today, this may have become a reality. A new ransomware group called Black Basta, founded in April 2022, has become notable in the ransomware game and is believed to include former members of Conti and REvil.

However, current members of Conti dispute any involvement with the new group, saying that the Black Basta team are simply “kids,” according to Conti’s hacking forum.

Findings released today by XDR company Cybereason detail the activities of this new gang, along with ways both companies and individuals can try to stay safe from it.

Black Basta emerges as a ransomware group

To begin with, the hacking collective has victimized 50 organizations in the United States, United Kingdom, Australia, New Zealand, and Canada in a short time. Cybereason says it believes former members of some of the preeminent hacking groups make up the new gang, based on the nature of the attacks and the chosen targets.

“As Black Basta is relatively new, not much is known about the group yet,” said Lior Div, CEO and co-founder of Cybereason. “Due to the rapid advancement and precision of the attacks, Black Basta was likely run by former members of the now-defunct Conti and REvil gangs, two well-eared ransomware gangs by 2021.”

According to Cybereason, the ransomware Black Basta employs is new and uses double-extortion techniques. The gang steals files from a victim organization and then threatens to release the stolen files if the ransom demand is not met. According to Cybereason, the group has allegedly demanded millions of dollars from its victims to keep stolen data private.

The attack itself is carried out through a partnership with the QBot malware, which streamlines the ransomware process for groups like Black Basta, allowing for easier reconnaissance while gathering data on the target. After Black Basta has done an appropriate amount of reconnaissance, the gang targets the domain controller and moves laterally using PsExec.

The adversary then disables Windows Defender and any other antivirus software through the use of a compromised Group Policy Object. Once defenses have been disabled, Black Basta deploys the ransomware using an encrypted PowerShell command that leverages Windows Management Tools to push the ransomware to IP addresses specified by the group.
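A defender-side sketch of how the three stages described above (PsExec lateral movement, antivirus disabled by policy, PowerShell pushing to remote hosts) could be flagged per host in Windows telemetry. This is an added example, not code from Cybereason or the original article; the simplified event records, their field names and the Defender policy registry path are assumptions, and it assumes the PowerShell stage appears as a Base64 `-EncodedCommand` invocation that uses WMI.

```python
import base64
import re

# PowerShell accepts -e, -ec, -enc ... -EncodedCommand plus Base64 of UTF-16LE text
ENC_RE = re.compile(r"\s-(?:e|ec|en[a-z]*)\s+([A-Za-z0-9+/=]{8,})", re.I)
WMI_RE = re.compile(r"wmi|win32_", re.I)
DEFENDER_POLICY = r"\software\policies\microsoft\windows defender"  # assumed GPO-backed key

def decode_ps(cmdline):
    """Return the decoded script of an encoded PowerShell command line, else None."""
    m = ENC_RE.search(cmdline)
    if not m or "powershell" not in cmdline.lower():
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except ValueError:  # covers invalid Base64 and invalid UTF-16LE
        return None

def classify(ev):
    """Map one simplified event record to an attack stage named in the article."""
    eid = ev["event_id"]
    if eid == 7045 and ev.get("service", "").upper() == "PSEXESVC":
        return "psexec_lateral_movement"  # System log: PsExec's service was installed
    if eid == 13:  # Sysmon: registry value set
        key = ev.get("key", "").lower()
        if DEFENDER_POLICY in key and key.rsplit("\\", 1)[-1].startswith("disable") and ev.get("data") == 1:
            return "defender_disabled_by_policy"
    if eid == 4688:  # Security log: process creation with command line
        script = decode_ps(ev.get("cmdline", ""))
        if script and WMI_RE.search(script):
            return "encoded_powershell_wmi"
    return None

def stages_by_host(events):
    """Collect the distinct stages seen per host; all three together is the full chain."""
    hits = {}
    for ev in events:
        if (stage := classify(ev)):
            hits.setdefault(ev["host"], set()).add(stage)
    return {host: sorted(stages) for host, stages in hits.items()}

# Constructed sample events (illustrative field names, not data from the report)
ENC_SAMPLE = base64.b64encode("Get-WmiObject Win32_BIOS -ComputerName 192.0.2.10".encode("utf-16-le")).decode()
SAMPLE = [
    {"host": "DC01", "event_id": 7045, "service": "PSEXESVC"},
    {"host": "DC01", "event_id": 13, "data": 1,
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware"},
    {"host": "DC01", "event_id": 4688, "cmdline": "powershell.exe -NoP -enc " + ENC_SAMPLE},
    {"host": "WS07", "event_id": 4688, "cmdline": "powershell.exe -ExecutionPolicy Bypass -File backup.ps1"},
]
```

Calling `stages_by_host(SAMPLE)` reports all three stages for the constructed host DC01 and nothing for WS07, whose command line carries no encoded payload.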

How can organizations protect themselves from this ransomware?

As always, using a zero-trust architecture can help prevent these types of attacks from affecting an organization. By not trusting any file or link until it has been fully verified as legitimate, businesses and their employees can save a lot of time and headaches by doing everything possible to avoid becoming a victim. Additionally, ensuring that all system patches are up to date can also help. Ransomware groups have been found to take advantage of vulnerabilities in outdated software, such as the Windows Print Spooler exploitation observed in May 2022. Finally, always make sure that all antivirus software is also updated.