A new ransomware group called Black Basta is gaining ground fast. The group claimed its first victim in the second week of April; in the week that followed, several more companies fell prey to Black Basta's ransomware attacks.
This is evident from an analysis by BleepingComputer.
This is how Black Basta works
According to the tech site, very little is known about Black Basta. For example, the group does not advertise its attacks, nor does it recruit affiliates or other collaborators on popular hacking forums. The lack of publicity does not mean, however, that the group is inactive or any less active than other groups.
Black Basta's method is comparable to that of other ransomware collectives. The group first breaks into its victims' networks. Once inside, it steals business-sensitive and confidential information and documents. Only then does it deploy its ransomware and encrypt all files.
To collect the ransom as quickly as possible, Black Basta piles pressure on its victims: it threatens to publish all the stolen data unless the victim pays to prevent publication. To show it means this, the group releases more and more of the stolen data, and keeps doing so until the victim pays. This tactic is known as double extortion.
A ‘helpdesk’ for negotiating with victims
Black Basta runs several sites on the dark web, such as the Black Basta Blog and Basta News, which are only reachable through the Tor browser. There you will find not only a list of victims but often also a sample of the data the group has stolen.
BleepingComputer says that 10 companies have been hit by Black Basta ransomware attacks so far; according to the tech site, the real number of victims is higher. Deutsche Windtechnik and the American Dental Association (ADA) were listed as victims earlier this month, but their pages on the Tor site have since been removed. That may mean these parties are negotiating with the hackers over the ransom amount.
Once Black Basta ransomware has infected a system, it encrypts all files; the encrypted files are recognisable by a custom icon and the .basta extension. A text file left on the system contains a URL and a login ID that lead to the group's ‘helpdesk’, the Chat Black Basta site on Tor, where victims can negotiate the ransom amount. The hackers promise to deliver a security report after the ransom is paid.
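The two indicators the article names, files renamed with a .basta extension and a text note carrying a Tor URL and a login ID, are enough for a first triage pass over a suspect share or host. The script below is an added example and is not code from BleepingComputer or from the article; it walks a directory, counts .basta files, and pulls the .onion URL and ID out of the note. It assumes the note is named readme.txt (the page only says "a text file") and that the ID appears after a label such as "login ID:"; the sample directory, the onion address and the ID it builds are constructed for the demo and are not real Black Basta artefacts.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the article: encrypted files carry a .basta
# extension, and a text note points the victim to the negotiation site.
ENCRYPTED_EXT = ".basta"
NOTE_NAME = "readme.txt"  # assumption: the article does not name the note file
# v2/v3 onion hostnames are base32 (a-z, 2-7), 16 or 56 characters long.
ONION_URL_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\S*", re.IGNORECASE)
# assumption: the ID follows a label like "login ID:" / "ID=" in the note.
LOGIN_ID_RE = re.compile(r"(?:login\s*)?id\s*[:=]\s*([0-9a-f\-]{8,})", re.IGNORECASE)


def scan_tree(root):
    """Walk `root`, list .basta files and extract URL/ID from any ransom note."""
    root = Path(root)
    result = {"encrypted_files": [], "notes": [], "urls": set(), "login_ids": set()}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() == ENCRYPTED_EXT:
            result["encrypted_files"].append(rel)
        elif path.name.lower() == NOTE_NAME:
            text = path.read_text(errors="replace")
            result["notes"].append(rel)
            result["urls"].update(ONION_URL_RE.findall(text))
            result["login_ids"].update(LOGIN_ID_RE.findall(text))
    # Sorted lists make the output stable and easy to diff across hosts.
    result["encrypted_files"].sort()
    result["notes"].sort()
    result["urls"] = sorted(result["urls"])
    result["login_ids"] = sorted(result["login_ids"])
    return result


def triage(root):
    """Scan and add a verdict: both indicators present -> suspected Black Basta."""
    r = scan_tree(root)
    r["suspected_black_basta"] = bool(r["encrypted_files"]) and bool(r["notes"])
    return r


def build_sample_tree():
    """Constructed sample victim directory; the onion address and ID are fake."""
    root = Path(tempfile.mkdtemp(prefix="basta_demo_"))
    (root / "finance").mkdir()
    (root / "finance" / "q1.xlsx.basta").write_bytes(b"\x00" * 16)
    (root / "finance" / "untouched.txt").write_text("not encrypted")
    (root / "report.docx.basta").write_bytes(b"\x00" * 16)
    fake_onion = "http://" + "a" * 56 + ".onion/"  # constructed, not a real site
    (root / NOTE_NAME).write_text(
        "Your data is stolen and encrypted.\n"
        f"Download Tor and open: {fake_onion}\n"
        "Your login ID: deadbeef-0000-4000-8000-000000000001\n"
    )
    return root


if __name__ == "__main__":
    print(triage(build_sample_tree()))
```

Point `triage()` at a mounted image or a file share rather than the demo tree; the extracted URL and ID are what an incident responder records as indicators, and the list of .basta paths gives a quick measure of how far the encryption got.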
Suspicion: ‘Black Basta is in reality Conti’
BleepingComputer believes Black Basta is a rebrand of an experienced group. On Twitter, MalwareHunterTeam points out the similarities with Conti: the group's websites share Conti's look and feel, and the way the helpdesk communicates with victims is virtually identical. By operating under a different name, the hackers hope to throw investigators off the scent.
Conti was responsible for 13 per cent of all ransomware attacks worldwide last year, according to security researchers.