Ransomware
Black Basta
First seen: 2022-04 • Status: active
Currently Active Threat
Black Basta is run by former Conti ransomware members. They have attacked over 500 companies since 2022.
Overview
Black Basta emerged from former Conti members and has become one of the most active ransomware groups, targeting over 500 organizations.
Also Known As
BlackBasta
How It Spreads
- • QakBot infections
- • Phishing
- • Exploitation
What It Does
- • File encryption
- • Data exfiltration
- • Double extortion
Is your business exposed?
Target Platforms
Windows, Linux, VMware ESXi
Detection Tips
- • Monitor for QakBot
- • Watch for Black Basta TTPs
MITRE ATT&CK Techniques
T1486, T1567, T1490
If You're Infected
- 1.
Isolate infected systems
- 2.
Engage incident response
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required