"Black Basta Ransomware Becomes Major Threat in Two Months"

Security researchers who analyzed Black Basta ransomware say it has become a significant new threat in just a couple of months. Evidence suggests it was still in development in February 2022 and only became operational in April 2022. Since then, the Black Basta group has claimed responsibility for 36 victims in English-speaking countries, and the number is growing. Researchers at Cybereason reported that it became known in early June that the new Black Basta group had partnered with the QBot malware operation to spread its ransomware. The researchers noted that a QBot partnership is a well-worn path, with criminal groups including MegaCortex, ProLock, DoppelPaymer, Conti, and Egregor all having done the same. QBot has many built-in capabilities that are very useful for attackers. The researchers noted that Black Basta is copying the techniques of the major ransomware gangs. Its rapid rise has led some researchers to speculate that the gang might be related to Conti. The researchers noted several similarities between the two operations, including the appearance of the Tor leak site, the ransom note, the payment site, and the behavior of the support team. However, Conti has denied this, saying, “BlackBasta is not conti it’s… kids.” Lior Div, Cybereason CEO, stated that Black Basta is likely operated by former members of the defunct Conti and REvil gangs. Like most groups conducting targeted attacks, Black Basta employs the double extortion strategy. The researchers noted that it is too early to know how successful the group is at obtaining ransom payments, but it has been seen demanding millions of dollars as the ransom fee.

 

SecurityWeek reports: "Black Basta Ransomware Becomes Major Threat in Two Months"
