"New Black Basta Ransomware Campaign Is Actively Targeting US Companies"

The cybersecurity technology company Cybereason has warned that an aggressive new ransomware campaign from the Black Basta ransomware group is targeting US businesses. Black Basta first appeared in April and is thought to be an offshoot of the Conti ransomware gang, employing similar tactics. The data leak blogs, payment sites, recovery portals, victim communications, and negotiation methods used by Black Basta are all similar to those of Conti operations. The group targets organizations in the US, Canada, the UK, Australia, and New Zealand. Black Basta engages in double-extortion ransomware attacks, in which victims' data is both encrypted and stolen. The stolen data is used to extort a ransom payment, with the threat that it will be published if the demanded ransom is not paid.

Black Basta's latest campaign employs QakBot malware to establish an initial point of entry and move laterally within an organization's network. QakBot, also known as QBot or Pinkslipbot, was discovered in 2019 and has been used in ransomware attacks, including one against FUJIFILM Holdings in 2020. After gaining access to a victim's network, QakBot installs a back door that allows the threat actor to drop additional malware; in the latest Black Basta campaign, that malware is ransomware.

According to the Cybereason researchers, while Black Basta is not new, its latest campaign is aggressively targeting many organizations. Those behind the current Black Basta campaign have been observed moving quickly, with cases where the threat actor obtained domain administrator privileges in less than two hours and moved to ransomware deployment in less than 12 hours. Black Basta, described as widespread and severe, has been using QakBot to target mostly US-based companies and has acted quickly on any spear-phishing victims it has compromised. Over the last two weeks, the researchers have identified over ten different Cybereason customers affected by the campaign.

This article continues to discuss findings regarding the new Black Basta ransomware campaign.

SiliconANGLE reports "New Black Basta Ransomware Campaign Is Actively Targeting US Companies"

Submitted by Anonymous on