Black Basta ransomware has made headlines for allegedly compromising high-profile European and North American organizations across a variety of industries, such as outsourcing, technology, and manufacturing. The history of Black Basta ransomware dates to at least April 2022, with a professional organizations company in the United States being one of its first victims. Since then, Black Basta has slowly expanded their operations, with the group allegedly compromising and stealing data from a US government contractor and a US aerospace and defense company in late 2022.[1]
This ransomware is considered a successor to the now-defunct Conti ransomware because some former Conti members are believed to be in the Black Basta group. Some also believe a potential connection exists between Black Basta and the Fin7 threat actor due to the groups' similar Tactics, Techniques, and Procedures (TTPs).
Black Basta operates a Ransomware-as-a-Service (RaaS) model, in which the developers offer a service such as ransomware, an infrastructure for payment processing and ransom negotiation, and technical support to its affiliates.
Link to the full report: IR-23-185-001_BlackBasta.pdf
[1] https://www.fortinet.com/blog/threat-research/ransomware-roundup-black-basta/
Comments