Ransomware Group
Black Basta
Also known as: BlackBasta
Status: active • First seen 2022-04 • 500+ known victims
Black Basta is one of the newest major ransomware gangs, but they've already hit hundreds of organizations. They're believed to be former members of the Conti gang that was shut down. They target big companies and critical infrastructure, often demanding millions of dollars.
Overview
Black Basta emerged in 2022 and quickly became one of the most prolific ransomware operations. Believed to have ties to the former Conti ransomware group, Black Basta operates a closed affiliate model and has demonstrated sophisticated capabilities targeting critical infrastructure and large enterprises.
Target Industries
Healthcare, Manufacturing, Construction, Professional Services, Technology, Government
How They Attack
- Qakbot (QBot) trojan for initial access
- Exploiting vulnerable VPNs and firewalls
- Spear-phishing with malicious attachments
- Using Cobalt Strike and Brute Ratel
- Living-off-the-land techniques
Notable Victims
ABB (Swiss engineering company), Yellow Corporation (trucking), Dish Network, Multiple hospital systems, Government contractors
How to Protect Against Black Basta
1. Block Qakbot indicators at email gateway
2. Patch VPN and firewall appliances immediately
3. Enable MFA everywhere, especially email and VPN
4. Train employees on phishing and suspicious attachments
5. Deploy EDR with C2 beacon detection
6. Maintain air-gapped backups
MITRE ATT&CK Techniques