Black Basta Ransomware Gang

By Huseyin Can YUCEEL & Picus Labs   August 22, 2022   Ransomware

The Black Basta group is a newcomer to the Ransomware-as-a-Service (RaaS) market and has already impacted nearly 50 victims. The ransomware group cooperates with QakBot (Qbot) malware operators to distribute its ransomware. The Black Basta group has different ransomware variants capable of impacting Windows, Linux, and ESXi VM images. The ransomware group uses the double extortion method and exfiltrates the victim’s sensitive data before encrypting it. In a notable series of cyber attacks, the Black Basta group stole and encrypted personally identifiable information (PII) belonging to members of the American Dental Association and the New York, Virginia, and Florida State Dental Associations.

Metadata

Associated Groups: -
Associated Country: Russia
First Seen: April 2022
Target Sectors: Automotive, Construction, Cosmetics, Energy, Healthcare, Heating, Manufacturing, Pharmaceuticals, Plumbing, Telecommunication, Transportation, Textile
Target Countries: United States, Australia, Canada, India, New Zealand, Singapore, United Arab Emirates, United Kingdom

Modus Operandi

Business Models: Ransomware-as-a-Service (RaaS), Double Extortion
Extortion Tactics: File Encryption, Data Leakage
Initial Access Methods: Exploit Public-Facing Application, Phishing, External Remote Services
Impact Methods: Data Encryption, Data Exfiltration

Exploited Applications and Vulnerabilities by Black Basta

Application | Vulnerability | CVE | CVSS
Windows Print Spooler | Remote Code Execution | CVE-2021-34527 | 8.8 High

Utilized Tools and Malware by Black Basta

MITRE ATT&CK Tactic | Tools
Initial Access | QakBot
Execution | Cobalt Strike
Persistence | Cobeacon Backdoor
Privilege Escalation | Mimikatz
Defense Evasion | Coroxy, bcdedit
Discovery | Cobalt Strike
Lateral Movement | netcat
Exfiltration | Mega, Google Drive
Impact | vssadmin, Black Basta Ransomware
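Two of the listed tools, bcdedit (Defense Evasion) and vssadmin (Impact), are the usual vehicles for the Inhibit System Recovery technique (MITRE ATT&CK T1490) that ransomware runs just before encryption. The following is an added example, not code from Picus or from this profile: a small detection routine run over constructed process-creation events in a Sysmon-like shape. The event field names and the sample events are assumptions made for the example.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style).
# These are made-up records for the example, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": "CORP\\alice",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws01", "user": "CORP\\alice",
     "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled no"},
    {"host": "ws02", "user": "CORP\\backupsvc",
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},          # benign: enumeration only
    {"host": "ws03", "user": "CORP\\bob",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
]

# Command-line patterns for T1490 Inhibit System Recovery, limited to the two
# utilities named in the profile: shadow copy deletion via vssadmin and
# disabling Windows recovery / boot failure handling via bcdedit.
RULES = [
    ("T1490", "vssadmin shadow copy deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("T1490", "bcdedit recovery disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\b\s+no\b", re.I)),
    ("T1490", "bcdedit boot status policy ignores failures",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bbootstatuspolicy\b\s+ignoreallfailures\b", re.I)),
]


def detect(events):
    """Return one alert dict per (event, rule) match; unmatched events yield nothing."""
    alerts = []
    for ev in events:
        cmd = " ".join(ev.get("cmdline", "").split())   # normalise whitespace
        for technique, rule_name, pattern in RULES:
            if pattern.search(cmd):
                alerts.append({"host": ev["host"], "user": ev["user"],
                               "technique": technique, "rule": rule_name,
                               "cmdline": cmd})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(f"[{a['technique']}] {a['host']} {a['user']}: {a['rule']} <- {a['cmdline']}")
```

Only the two destructive commands are flagged; the backup service's "list shadows" enumeration on ws02 is left alone, which keeps the rule usable on hosts where legitimate backup tooling touches VSS.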
