"Ransomware-As-A-Service Group Targets More Than 75 Organizations"

According to security researchers with Palo Alto Networks' Unit 42 threat intelligence team, the Black Basta Ransomware-as-a-Service (RaaS) group has compromised more than 75 organizations in recent months. The RaaS group has been found to employ the double extortion technique, which means that in addition to encrypting files on targeted systems and demanding a ransom to decrypt them, they also maintain a Dark Web leak site where they threaten to publish sensitive information if a company does not pay the ransom. According to the researchers, the ransomware is written in C++ and affects both Windows and Linux systems. It uses a combination of ChaCha20 and RSA-4096 to encrypt user data. In order to speed up the encryption, the ransomware encrypts in 64-byte chunks, leaving 128 bytes of data unencrypted. The faster the ransomware encrypts, the more it can potentially compromise systems before defenses are put into action, which is a key factor that cybercriminals look for when conducting business with a RaaS group.

Davis McCarthy, principal security researcher at Valtix, says the rapid adoption of the cloud has forced financially motivated threat actors to change their tactics. Since sensitive data is stored in the cloud, RaaS operators exfiltrate all on-premises data or attempt to gain access to cloud accounts in order to increase their chances of making a profit. Password reuse and a lack of visibility into cloud infrastructure make it easy for groups like Black Basta to conduct double extortion campaigns.

According to Bud Broomhead, CEO of Viakoo, this is yet another example of threat actors profiting from their malicious activities. Broomhead stated that in the case of Black Basta, it could be seen as a hybrid cloud implementation. The ransomware itself, when installed, forms a private cloud at the victim's site under the control of the threat actors, which is then connected to a public cloud for the "business" side of the ransomware process.

This article continues to discuss researchers' findings regarding the Black Basta RaaS group. 

SC Magazine reports "Ransomware-As-A-Service Group Targets More Than 75 Organizations"
