Ransomware Attacking US Companies

The ransomware group Black Basta has gained traction in a short amount of time. The ransomware-as-a-service (RaaS) group has 50 successful attacks on organizations in Canada, the UK, Australia, and New Zealand, but seems to be focusing most of its attention on the United States. The group is not only encrypting data that the victim has to pay to unlock; it is also stealing the data and threatening to release it on the dark web.

The group is using a spear-phishing email attack vector to infiltrate corporate networks. The emails have an Excel file attached. When an employee opens the Excel file and enables macros, the malware is installed. Black Basta is then able to move laterally across the network to collect and encrypt data.

The new ransomware group has gained attention from the cybersecurity community because of the speed and success of its attacks. Cybersecurity experts believe the group is made up of a former Russian hacker group that shut down because of an internal data leak. The Conti group was one of the most aggressive ransomware groups of 2020-21, with a tally of 859 victims, including the government of Costa Rica. The current consensus is that Black Basta is an evolution of Conti.

The malware used by Black Basta is also unique. The group added a Linux version of its malware in early June, so it is now able to infect both Windows machines and Linux servers. Additionally, the Windows version of the malware successfully disabled Windows Defender and other anti-virus solutions during the attack.

As with most ransomware, the infiltration starts with a person: an employee downloads and opens an Excel file. Businesses are being reminded to keep systems patched and updated and to back up to a remote server, but they are also being advised to disable Microsoft Office macros company-wide and to remind employees to understand where emails and attachments are coming from before opening them.
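For teams that also want to screen inbound mail for the macro-bearing Excel attachments described above, here is an added example (not from the original post or any vendor tool) of a content-based check using only the Python standard library. The function names, addresses, and the sample email are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc container

def classify_attachment(data: bytes) -> str:
    """Return 'macro', 'legacy-ole' or 'clean' for one attachment body."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole"  # binary Office formats can carry VBA; inspect further
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # OOXML workbooks store the VBA project as a part named vbaProject.bin.
            if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                return "macro"
    return "clean"

def scan_message(raw: bytes) -> dict:
    """Map each attachment filename to a verdict based on content, not extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        results[part.get_filename() or "(unnamed)"] = classify_attachment(payload)
    return results

def _ooxml(parts: dict) -> bytes:
    """Build a constructed, minimal OOXML-like zip for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed sample email: one workbook with a VBA part, one without."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "staff@example.com", "Invoice"
    msg.set_content("See attached.")
    for name, parts in {
        "invoice.xlsm": {"xl/workbook.xml": "<workbook/>", "xl/vbaProject.bin": "stub"},
        "report.xlsx": {"xl/workbook.xml": "<workbook/>"},
    }.items():
        msg.add_attachment(_ooxml(parts), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Attachments flagged `macro` or `legacy-ole` can be quarantined or routed for deeper inspection before they reach an inbox.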

Quanexus IT Support Services for Dayton and Cincinnati

Posted by Charles Wright