Beware of new Black Basta ransomware! Here’s the damage it can cause
A new Black Basta ransomware has recently been operationalized by hackers. They demand huge sums to decrypt files and not leak data.
A new ransomware is said to steal corporate data and documents before encrypting a company’s devices. Dubbed Black Basta ransomware, it only went live in April and hacked over 12 companies in just a few weeks. The ransomware uses the stolen data in double extortion attacks and demands huge sums of money to decrypt files and not leak data. Large companies like Deutsche Windtechnik and American Dental Association have already fallen victim to this ransomware. The amount of rasome is not yet known, however, the companies are in negotiation with threat actors.
The data extortion details of those victims who have not yet paid a ransom are listed on the Tor site “Black Basta Blog” or “Basta News”. Here’s everything you need to know about this recently discovered ransomware
What is Black Basta ransomware?
Black Basta ransomware appears to be a re-image of an experienced operation, i.e. Conti ransomware operation. It steals corporate data and documents before encrypting a company’s devices and demands a healthy amount not to leak data. It slowly leaks data for each victim to try to force them to pay ransom.
How does Black Basta ransomware work?
According to BleepingComputer, the ransomware hijacks an existing Windows service and uses it to launch the ransomware decryptor executable. The ransomware then changed the desktop wallpaper to display a message stating: “Your network is encrypted by the Black Basta group. Instructions in the readme.txt file” and restart the computer in Safe Mode with Networking. Ransomware expert Michael Gillespie informed the portal that Black Basta ransomware uses the ChaCha20 algorithm to encrypt files. Each folder on the encrypted device contains a readme.txt file which contains information about the attack and a link and unique ID to connect to the negotiation chat session with the threat actors. They then demand a ransom and threaten to leak data if payment is not made within seven days, and promise to secure the data after paying a ransom.
Unfortunately, the encryption algorithm is secure and there is no way to recover files for free.