The Black Basta ransomware group has been active since at least February 2022, according to researchers from security firm Check Point. The cybercriminal group has targeted businesses and individuals in the U.S., Canada, Australia and New Zealand, among other countries.
Black Basta is a new entrant in the crowded RaaS market. The group has been active since February 2022 and appears to be run by an individual known as “Bastard.” Early indications are that they employ primarily Italian-speaking individuals, although they do not require their affiliates to speak Italian. Black Basta uses a variety of malware families in its attacks, including Qakbot malware and Ryuk ransomware, as well as other malware such as CryptXXX (which was previously associated with Locky).
Like other groups we have analyzed that operate under this model, Black Basta is highly motivated by profit, more so than most traditional cybercrime groups. This is based on our analysis of data from numerous sources, including law enforcement investigations and open source information about past operations conducted by this group.
Like other RaaS groups such as Dharma and REvil, the Black Basta ransomware gang is known to deploy the tried-and-tested tactic of double extortion. The group first demands an initial payment, followed by a second ransom demand if victims do not pay in time.
The group has also been observed targeting a range of industries, including manufacturing; construction; transportation, logistics, freight forwarding and trucking companies; telcos; pharmaceuticals and cosmetics; plumbing and heating contractors; automobile dealerships; and undergarment manufacturers.
While most ransomware groups actively target businesses, Black Basta has notoriously targeted individuals as well.
The security outfit also said it has been able to verify that the group has targeted at least 47 organizations – 30 in the U.S., nine in Canada, four in Australia, two in New Zealand, and one in the U.K. – with these attacks occurring between March and May 2021.
Most recently, it was discovered that Black Basta had successfully infected a high-profile Australian law firm, affecting over 10% of its lawyers' email accounts with malicious JavaScript attachments containing encrypted files (known as PE files).
To protect your computer and data, new malware threats such as Black Basta should be taken seriously. Black Basta's cybercriminal activity resembles that of other ransomware groups, but the group has been particularly prolific this year. As described, the group has amassed nearly 50 victims in the U.S., Canada, the U.K., Australia, and New Zealand within three months of its emergence in the wild.
In conclusion, ransomware is a very real threat and it poses a great risk to businesses. Unfortunately, most of us don’t even realize we have been attacked until it’s too late. However, as technology advances at such a rapid pace these days, there are also many new ways to combat these kinds of attacks. The most important thing for companies to do is keep an eye out for any suspicious activity on their network or computers so that they can act quickly before any damage can be done.