Black Basta Ransomware: What You Need to Know

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

Black Basta is a ransomware-as-a-service group that emerged in April 2022, known for double extortion tactics. They target organizations globally, particularly in North America, Europe, and Australia, affecting over 500 entities across various industries. Initial access is gained through phishing, Qakbot, Cobalt Strike, and vulnerability exploitation. The group uses tools like Mimikatz for credential theft and lateral movement. Their process involves data exfiltration using Rclone, followed by file encryption using the ChaCha20 algorithm. The ransomware disables system defenses, deletes shadow copies, and leaves a ransom note. Black Basta has been linked to the FIN7 threat actor due to similarities in EDR evasion techniques.

OPENCTI LABELS:

ransomware, black basta

