Black Basta, the fourth-most active ransomware strain with more than 329 victims, has reportedly collected over $100 million in ransom payments. The ransomware has also been found to resemble that of the Conti ransomware group, which stopped its operations by May 2022.

Black Basta engages in double-extortion tactics: the group not only demands a ransom from its victims but also threatens to release the stolen data if its demands are not met. The group came into existence in 2022, after the Conti group was reportedly dissolved.

The group mostly targets businesses in sectors such as construction, law practices, and real estate. Its prime focus was US-based organizations, which account for more than 61% of its victims. Its high-profile targets include Capita, a technology outsourcer, and ABB, an industrial automation company. Neither company has disclosed whether a ransom was paid.

Black Basta mostly deployed Qakbot malware for its ransomware operations and also used Qakbot wallets, similar to the Conti group. Qakbot was dismantled in August 2023 by law enforcement operations, which reduced ransomware payments to the group during the second half of 2023.

Although several ransom payments were made, Black Basta has been found to take only 14% of the ransom payments, with a large share going to RaaS operations. The threat group used the same Bitcoin wallets as Conti ransomware, proving that both groups are linked.

A complete report about this threat actor has been published, with additional information about its operations, financial graphs, links, and other details.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 01 Dec 2023 11:07:34 +0000