Ransomware Group

Black Basta

Status: active • First seen 2022-04 • 500+ known victims

Black Basta grew from the old Conti gang and has attacked hundreds of companies. They use a malware called Qakbot to get into networks before deploying ransomware.

Overview

Black Basta is linked to former Conti members and uses Qakbot for initial access. The group has compromised hundreds of organizations including critical infrastructure.

Target Industries

Manufacturing, Construction, Healthcare, Critical Infrastructure

How They Attack

  • Qakbot delivery
  • Cobalt Strike
  • Double extortion
  • Conti lineage

Notable Victims

ABB (2023), Capita (2023), Dish Network (2023)

How to Protect Against Black Basta

  1. Block Qakbot indicators
  2. Detect Cobalt Strike activity
  3. Implement network segmentation

MITRE ATT&CK Techniques

T1566, T1219, T1486, T1567

Related Groups

Conti, Royal
