Black Basta ransomware: an emerging threat

The RaaS group Black Basta has reportedly claimed nearly 50 victims in the two months of its existence.

The Black Basta group, identified only two months ago, has reportedly already claimed nearly 50 victims in the U.S., Canada, UK, Australia, and New Zealand, making it one of the most active emerging RaaS groups.

The group targeted companies in the manufacturing, construction, transportation, telecom, pharmaceutical, plumbing, and heating sectors. According to security researcher Ido Cohen, Black Basta hacked Elbit Systems of America, a manufacturer of defence, aerospace and security solutions, this weekend.

First identified in February 2022, the Black Basta ransomware strain was initially advertised on underground forums and has been used in attacks since April 2022, following the classic ‘double extortion’ technique.

These intrusions used Qbot to maintain persistence on compromised hosts and harvest credentials, before moving laterally across the network and deploying the encryption malware. The RaaS group also developed a Linux variant of its ransomware, targeting VMware ESXi virtual machines.

Several researchers strongly suspect Black Basta to be an offshoot of Conti, formed after that group's self-dissolution; the Russian ransomware group denies this.

