Black Basta ransomware Received Over 0 million from Victims

Black Basta, the fourth-most active ransomware strain with more than 329 victims, has reportedly made over $100 million in ransom payments. This ransomware has also been discovered to resemble the Conti ransomware group, which stopped its operations by May 2022.

A group known as Black Basta has been found to engage in double-extortion tactics, whereby they not only demand a ransom from their victims but also threaten to release the stolen data if their demands are not met.

EHA

This group came into existence in 2022 after the Conti group was reportedly dissolved.

Document
Protect Your Storage With SafeGuard

Is Your Storage & Backup Systems Fully Protected? – Watch 40-second Tour of SafeGuard

StorageGuard scans, detects, and fixes security misconfigurations and vulnerabilities across hundreds of storage and backup devices.

Black Basta Operations

This group mostly targets several businesses in various sectors like construction, law practices, and real estate. Their prime focus was US-based organizations, accounting for more than 61% of their victims.

Their high-profile targets include Capita, a technology outsourcer, and ABB, an industrial automation company. However, neither company disclosed any reports of whether the ransom was paid or not.

Black Basta mostly deployed Qakbot malware for their ransomware operations and also used Qakbot wallets similar to the Conti group. Qakbot was dismantled in August 2023 by Law enforcement operations, which reduced the ransomware payment group during the second half of 2023.

Source: Elliptic
Black Basta Ransomware Timeline Source: Elliptic

Though several ransom payments were made, Black Basta has been discovered to take only 14% of the ransom payments, and a huge split goes to RaaS (ransomware-as-a-service) operations. 

Additionally, the threat group used the same Bitcoin wallets as Conti ransomware, proving that both groups are linked.

A complete report about this threat actor has been published, providing additional information about their operations, financial graphs, links, and other information.

Experience how StorageGuard eliminates the security blind spots in your storage systems by trying a 14-day free trial.

Guru Baran
https://cybersecuritynews.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.