ZeroFox Intelligence on its blog post has observed and released the report of ransomware of unknown, Russian-speaking origin targeting a wide range of industries with a financial motivation, and was first seen in April 2022.
Black Basta is a highly-effective ransomware strain used by Hackers to infect and extort victims. Consistent with most ransomware collectives, Black Basta operators exfiltrate sensitive corporate data before encrypting devices and leverage double-extortion tactics, threatening to release the exfiltrated data if ransom demands are not met, ZeroFox reports.
In mid-April 2022, the ransomware was identified following the first reported incidents of compromise, though evidence suggests that it was in development as early as February 2022.
In late April, the group also made their presence known on the Russian underground forum Exploit.in; ZeroFox Intelligence observes a user with the name “Black Basta” who posted an advertisement, offering to buy and monetize access to corporate networks for a percentage of profits.
According to the announcement, the actor was interested in organizations located in the United States, Canada, the United Kingdom, Australia, and New Zealand.
Black Basta has rapidly become one of the most prolific variants. Between April and August 2022, it accounted for the third-highest number of ransomware incidents among the most notable strains, targeting over 50 organizations worldwide across multiple industries.
