At the end of December 2023, the Berlin ethical hacking laboratory Security Research Labs uploaded a decryption tool for the Black Basta group’s ransomware to GitHub. The tool makes it possible to recover data encrypted by the cybercriminal group between its beginnings in November 2022 and recently.
Security Research Labs experts discovered a vulnerability in Black Basta’s encryption algorithm, which grants access to an unencrypted decryption key. Incident response firms had already identified this vulnerability, which allowed them to quietly decrypt their customers’ data.
However, Black Basta recently updated its ransomware, patching the vulnerability. Keeping its existence a secret was therefore no longer operationally useful, which probably led to the creation of the public-access decryptor.
Black Basta is an offshoot of the Conti group, the former world leader in ransomware attacks, which disbanded in the summer of 2022. Conti had unreservedly backed Vladimir Putin’s Russia following the invasion of Ukraine, thus becoming the West’s public enemy number one in cyberspace.