What is Black Basta Ransomware?

In recent months, a new threat has appeared in the ransomware and cybersecurity world. A new group named Black Basta has emerged rapidly and has been contributing to known attacks since April. Recently, they were able to take over a network by leveraging an old trojan to move laterally across networks.

“One of Qbot’s new tricks is particularly nasty, as once a machine is infected, it activates a special ‘email collector module’ which extracts all email threads from the victim’s Outlook client, and uploads it to a hardcoded remote server,” Check Point researchers mentioned in a report.

Their ransomware uses a variant of the Qbot trojan, which was discovered in 2008 and is now referred to as the “Swiss Army Knife” of malware distribution. Qbot, also known as Qakbot, was originally used to target the banking credentials of unsuspecting victims via an email-borne trojan. Now it is being used again after a decade of dormancy, distributed by another trojan, Emotet.

According to reports, the group is taking credit for a current campaign that encrypts VMware virtual machines. Although it was thought to attack only Windows-based systems, newly found components in the encryption binary indicate that the group wishes to spread to Unix systems as well. The algorithm uses multithreading to stay under the radar and to make encryption faster. This is very useful to the attackers because these VMware servers have major computing power.

To avoid these types of attacks, we advise adopting concepts such as Zero Trust and limiting administrative permissions to as few accounts as possible.

  • Enforce MFA, specifically on management accounts and platforms with elevated accounts.
  • Monitor login attempts originating from outside your network.
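
One way to act on the two recommendations above is to review authentication logs for logins that come from outside the network, with extra attention to elevated accounts that signed in without MFA. The following is an added example, not code from the original article; the log format, the internal address ranges, the account names and the failure threshold are all assumptions, and the log lines are constructed sample data.

```python
import csv
import ipaddress
from collections import Counter

# Assumption: address ranges that count as "inside your network".
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: hypothetical names of management / elevated accounts.
ADMIN_ACCOUNTS = {"vcenter-admin", "svc-backup"}
FAILED_THRESHOLD = 3  # external failures from one source before reporting

# Constructed sample log, one event per line: timestamp,user,source_ip,result,mfa
SAMPLE_LOG = """\
2022-06-01T08:00:11Z,alice,10.1.4.23,success,yes
2022-06-01T08:02:40Z,vcenter-admin,203.0.113.45,failure,no
2022-06-01T08:02:51Z,vcenter-admin,203.0.113.45,failure,no
2022-06-01T08:03:05Z,vcenter-admin,203.0.113.45,failure,no
2022-06-01T08:03:30Z,vcenter-admin,203.0.113.45,success,no
2022-06-01T09:15:00Z,svc-backup,198.51.100.7,success,yes
2022-06-01T09:20:00Z,bob,198.51.100.9,success,yes
"""

def is_external(ip):
    """True when the source address is outside every internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def review_logins(log_text):
    """Return (rule, timestamp, user, source_ip) findings for external logins."""
    findings, failures = [], Counter()
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, user, ip, result, mfa = row
        try:
            if not is_external(ip):
                continue
        except ValueError:
            continue  # unparseable source address
        if result == "failure":
            failures[ip] += 1
            if failures[ip] == FAILED_THRESHOLD:  # report each source once
                findings.append(("external-failure-burst", ts, user, ip))
        elif user in ADMIN_ACCOUNTS:
            rule = "admin-external-login" + ("" if mfa == "yes" else "-no-mfa")
            findings.append((rule, ts, user, ip))
    return findings

if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(*finding)
```

In this sketch, external logins to non-elevated accounts are only counted when they fail; tighten that rule if every external success should be reviewed.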
