Black Basta Ransomware
Alvaka’s Black Basta Ransomware Recovery Services are designed to help companies recover from ransomware attacks and protect systems from future attacks.
What is Black Basta Ransomware?
Black Basta ransomware has been a major threat since it was first discovered in April 2022, gaining notoriety for its high-profile victims and its double extortion methods. Double extortion means that the malware not only denies the victim access to their files, but also steals the data in order to blackmail the victim into paying the ransom. To add pressure on the victims, the ransomware group leaks the stolen data over time until the ransom is paid in full. There is speculation that the Black Basta group is an affiliate of Conti Ransomware, an extremely dangerous malware group originating from Russia that was first observed in 2020. This attacker group is known to target the data of organizations, businesses, companies, or enterprises that have not yet been encrypted and to take control of their systems in order to shut down their networks.
How Does Black Basta Ransomware Work?
Black Basta Ransomware infects a company’s system through any available medium, such as compromised links, attachments, or sites. It infiltrates the memory of systems in order to access an organization’s files, information, and data. Once compromised, the infected system displays a large black screen with the words “Your network is encrypted by the Black Basta group. Instructions in the file readme.txt.” The whole system is then restarted and encrypted. File names are changed, and the ransomware adds the “.basta” extension to the end of each encrypted file. This sophisticated malware is almost impossible to crack, and the Black Basta encryption cannot be decrypted without the key, which only Black Basta possesses. To prevent the victim from repairing and restoring their system, the group applies specific commands. The malware then resets the entire system using the commands “shutdown” and “bcdedit.”
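A defender-side sketch of how the behaviours described above (files renamed with the .basta extension, a readme.txt note, and launches of bcdedit and shutdown) can be correlated per host. This is an added example, not Alvaka's code; the event tuple layout, the 10-minute window, and the rename threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

WINDOW = timedelta(minutes=10)                 # assumed correlation window
RENAME_THRESHOLD = 3                           # assumed minimum number of .basta files
BOOT_TOOLS = {"bcdedit.exe", "shutdown.exe"}   # the two commands named in the text

# Constructed sample events: (timestamp, host, kind, path). Not a real log schema.
SAMPLE = [
    ("2024-01-01T10:00:00", "FS01", "process", r"C:\Windows\System32\bcdedit.exe"),
    ("2024-01-01T10:00:05", "FS01", "file", r"D:\share\q1.xlsx.basta"),
    ("2024-01-01T10:00:06", "FS01", "file", r"D:\share\q2.xlsx.basta"),
    ("2024-01-01T10:00:07", "FS01", "file", r"D:\share\plan.docx.basta"),
    ("2024-01-01T10:00:09", "FS01", "file", r"D:\share\readme.txt"),
    ("2024-01-01T10:01:00", "FS01", "process", r"C:\Windows\System32\shutdown.exe"),
    # Routine admin reboot plus an ordinary readme.txt: must not alert.
    ("2024-01-01T11:00:00", "WS02", "process", r"C:\Windows\System32\shutdown.exe"),
    ("2024-01-01T11:00:30", "WS02", "file", r"C:\tools\readme.txt"),
    # A single stray .basta file with no boot-tool launch: must not alert.
    ("2024-01-01T12:00:00", "WS03", "file", r"C:\tmp\sample.basta"),
]

def signal(kind, path):
    """Map one event to the indicator it matches, or None."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    if kind == "process" and name in BOOT_TOOLS:
        return name
    if kind == "file" and p.suffix.lower() == ".basta":
        return "basta_rename"
    if kind == "file" and name == "readme.txt":
        return "note"          # supporting signal only; far too common alone
    return None

def correlate(events):
    """Return {host: indicators} where mass .basta files and a boot-tool
    launch fall inside one WINDOW on the same host."""
    per_host = defaultdict(list)
    for ts, host, kind, path in events:
        sig = signal(kind, path)
        if sig:
            per_host[host].append((datetime.fromisoformat(ts), sig))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        for start, _ in hits:
            inside = [s for t, s in hits if start <= t <= start + WINDOW]
            if inside.count("basta_rename") >= RENAME_THRESHOLD and BOOT_TOOLS & set(inside):
                alerts[host] = sorted(set(inside))
                break
    return alerts
```

Requiring both the file-extension signal and a boot-tool launch keeps routine reboots and ordinary readme.txt files from alerting on their own.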
Black Basta & The QBot Malware
More recently, companies based in the US, UK, Canada, New Zealand and Australia have seen a sudden increase in a new ransomware campaign involving Black Basta and the use of the QBot malware (aka QakBot). The QBot malware was initially designed to be a banking Trojan, made to extort money from targets such as Bank of America, Chase, Wells Fargo, and Capital One. QBot steals banking credentials and sensitive information stored in banking systems by installing a backdoor point of entry, then proceeds to remotely install encryption malware on the victim’s network. Once inside, the attackers move laterally within the network.
Since November 2022, investigators have observed Black Basta utilizing QBot in order to breach targets within the US. QBot operators infect a system via phishing emails, then Black Basta actors deploy their ransomware strain. This specific ransomware campaign is a huge threat to companies since the attackers deploy the virus within only 12 hours of the breach and completely shut down victims’ networks.
How Can I Protect Against Black Basta Ransomware?
The mitigation of ransomware and other malware is prevalent. Raising awareness of potential threats and being prepared for them can save a company from ruin. There are various methods to protect oneself from this particular ransomware. Maintaining both online and offline backups gives companies an added layer of support, since storing data away from the system network helps with the recovery process should an attack take place. Another method is to employ multi-factor authentication for all network access points, especially Remote Desktop Protocol (RDP) access, since this is how Black Basta has entered networks before.
Recruiting ransomware behavior analysts and malware recovery experts can be a beneficial investment to the company in identifying security risks and potential threats. The organizations that the Black Basta group targeted and extorted were remiss about their cybersecurity and they paid for it, quite literally. Pushing businesses to further security and awareness about the weaknesses of their systems will ensure that the cyber health of the company remains in good shape.
Find Specialized Black Basta Ransomware Recovery Services at Alvaka Networks
At Alvaka Networks, we have many years of experience helping victims through ransomware recoveries and getting back to business. When working with our ransomware-focused team of engineers, you can successfully remove the ransomware, eject the hackers, and protect your company against maximum financial losses and reputation damage.
Get in touch with us today and let our team intervene with precision, agility, and promptness to restore the IT security of your organization. Our team is available 24/7/365 at 1-866-772-6766 or accessible via Live Chat.