How Dangerous Is BlackBasta Ransomware?

It’s being reported that the emerging Black Basta ransomware gang has managed to hit close to 50 organisations in Anglophone countries since it started operations a few months ago, and appears to aspire to levels of infamy accorded to the likes of Conti or REvil.

Subscribe
Notify of
guest
1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Etay Maor
Etay Maor , Director of Security Strategy
InfoSec Expert
June 29, 2022 4:37 pm

The BlackBasta ransomware group has been gaining ground as one of the more active ransomware groups. What stands out with BlackBasta, aside from their very fast ascendance as a ransomware group – hinting to potentially former ransomware operators with experience being involved – are their rather quick actions after gaining access to a victim’s network. While many ransomware groups reside anywhere from days to months on victim networks, collecting data, passwords and mapping out network – some of BlackBasta’s operations have been very quick.

One of the reasons for this is that in some attacks it seems that the BlackBasta group acquires data from previous breaches. BlackBasta has been known to buy credentials from different underground market vendors, it may also be the case that RaaS (Ransomware as a Service) has been used and that they got hold of network architectures, allowing them to automate their attacks by writing scripts. This would allow them to connect and exploit known servers on the network within minutes and not months.

These types of attacks further highlight the need for complete visibility to everything that is happening on the network. Security point solutions are no match for these types of threat actors and organizations must consider network indicators and a converged wholistic security architecture that would allow a multiple choke point approach to these threats.

Last edited 1 month ago by Etay Maor
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x