A new ransomware group has targeted almost 50 victims within two months of emerging in the wild, and it hasn’t even begun its marketing or affiliate campaign yet. The Black Basta ransomware first became operational in April 2022 and is the latest ransomware gang seeking to extort enterprises. Researchers believe Black Basta’s quick rise to prominence is due to its potential close ties with other successful ransomware groups, such as Conti and REvil, and its copying of their techniques. Another likely factor in Black Basta’s early achievements is its partnership with the Qakbot/QBot malware. It also didn’t take long for the ransomware to advance its capabilities by adding the ability to encrypt VMware ESXi virtual machines running on enterprise Linux servers. Despite its aggressive start, Black Basta seems to have at least one weakness: according to Trend Micro, it needs administrator rights to run. This “feature” alone makes a great case for maintaining separate user profiles and never staying perpetually logged in with an account that has administrator rights. For more information on how to defend against ransomware, visit CISA’s Stopransomware.gov. Read more at SecurityWeek or read the full report at Cybereason.