The Black Basta ransomware group quickly gained notoriety after it laid claim to massive breaches earlier this year. On April 20, 2022, a user under the name “Black Basta” sought out corporate network access credentials on underground forums in exchange for a share of the profits from their ransomware attacks. Specifically, the user was in the market for credentials that could compromise organizations based in English-speaking countries, including Australia, Canada, New Zealand, the UK, and the US.
Two days later, the American Dental Association (ADA) suffered a cyberattack that led it to shutter multiple systems. Data allegedly stolen from the ADA was published on the Black Basta leak site only 96 hours after the attack.
While it was previously assumed that the ransomware group used bought or stolen corporate network access credentials to infiltrate its victims’ networks, our analysis of another set of samples monitored within a 72-hour time frame shows a possible correlation between the Qakbot trojan and the Black Basta ransomware. Black Basta continued to evolve, and in June, a Linux build of the ransomware that encrypts VMware ESXi virtual machines was discovered in the wild.
No Data Found
© ALL RIGHTS RESERVED TO DarkFeed 2023