Beware of new Black Basta ransomware! Here is what damage it can cause

A new ransomware called Black Basta has recently been put into operation by hackers. They demand hefty amounts to decrypt files and not leak data.

By: HT TECH
| Updated on: Aug 22 2022, 11:55 IST
Black Basta Ransomware has attacked 12 companies in just a few weeks. (Getty Images)

A new ransomware is reportedly stealing corporate data and documents before encrypting a company's devices. Dubbed Black Basta, it became operational only in April and has breached more than 12 companies in just a few weeks. The ransomware uses the stolen data in double-extortion attacks and demands hefty amounts to decrypt files and not leak data. Big companies like Deutsche Windtechnik and the American Dental Association have already become victims of this ransomware. The ransom amount is not yet known; however, the companies are in negotiation with the threat actors.

The data extortion details of victims who have not yet paid a ransom are listed on the 'Black Basta Blog' or 'Basta News' Tor site. Here's all you need to know about this newly found ransomware.

What is Black Basta ransomware?

Black Basta ransomware seems to be a rebrand of an experienced operation, namely the Conti ransomware operation. It steals corporate data and documents before encrypting a company's devices and demands a hefty amount to not leak the data. It slowly leaks data for each victim to try to pressure them into paying a ransom.

How does Black Basta ransomware work?

According to BleepingComputer, the ransomware hijacks an existing Windows service and uses it to launch the ransomware decryptor executable. The ransomware then changes the wallpaper to display a message stating, "Your network is encrypted by the Black Basta group. Instructions in the file readme.txt" and reboots the computer into Safe Mode with Networking. Ransomware expert Michael Gillespie told the portal that Black Basta ransomware uses the ChaCha20 algorithm to encrypt files. Each folder on the encrypted device contains a readme.txt file that has information about the attack, along with a link and a unique ID to log in to the negotiation chat session with the threat actors. They then demand a ransom and threaten to leak data if payment is not made in seven days, and promise to secure data after a ransom is paid.

Unfortunately, the encryption algorithm is secure and there is no way to recover files for free.
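For defenders, the behaviours described above (a changed Windows service, a wallpaper change, a reboot into Safe Mode with Networking and a readme.txt note in each folder) can be correlated per host in endpoint telemetry. The following is an added example, not code from this article or from BleepingComputer; the Sysmon-style event layout, the host, service and path names, the thresholds, and the assumption that Safe Mode with Networking is configured through bcdedit are all constructed for illustration.

```python
from collections import defaultdict

# Constructed, Sysmon-style events (1 = process create, 11 = file create,
# 13 = registry value set). Host, service and path names are made up.
SAMPLE_EVENTS = [
    {"host": "ws01", "id": 13, "target": r"HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\ImagePath"},
    {"host": "ws01", "id": 13, "target": r"HKCU\Control Panel\Desktop\Wallpaper"},
    {"host": "ws01", "id": 1, "cmdline": "bcdedit /set safeboot network"},
    {"host": "ws01", "id": 11, "target": r"C:\Users\a\Documents\readme.txt"},
    {"host": "ws01", "id": 11, "target": r"C:\Users\a\Desktop\readme.txt"},
    {"host": "ws01", "id": 11, "target": r"C:\Shares\finance\readme.txt"},
    {"host": "ws02", "id": 11, "target": r"C:\src\project\readme.txt"},
]

NOTE_NAME = "readme.txt"      # note file name given in the article
NOTE_FOLDER_THRESHOLD = 3     # assumed: distinct folders before it counts


def classify(event):
    """Map one event to a behaviour from the article, or None."""
    target = event.get("target", "").lower()
    cmd = event.get("cmdline", "").lower()
    if event["id"] == 13 and "\\services\\" in target and target.endswith("\\imagepath"):
        return "service_binary_changed"
    if event["id"] == 13 and target.endswith("\\control panel\\desktop\\wallpaper"):
        return "wallpaper_changed"
    # Assumption: Safe Mode with Networking is set through bcdedit.
    if event["id"] == 1 and "bcdedit" in cmd and "safeboot" in cmd and "network" in cmd:
        return "safeboot_network"
    if event["id"] == 11 and target.rsplit("\\", 1)[-1] == NOTE_NAME:
        return "note_written"
    return None


def suspicious_hosts(events, min_signals=3):
    """Return {host: sorted signals} for hosts showing >= min_signals behaviours."""
    signals, note_dirs = defaultdict(set), defaultdict(set)
    for ev in events:
        kind = classify(ev)
        if kind == "note_written":
            note_dirs[ev["host"]].add(ev["target"].lower().rsplit("\\", 1)[0])
            if len(note_dirs[ev["host"]]) >= NOTE_FOLDER_THRESHOLD:
                signals[ev["host"]].add("note_in_many_folders")
        elif kind:
            signals[ev["host"]].add(kind)
    return {h: sorted(s) for h, s in signals.items() if len(s) >= min_signals}


if __name__ == "__main__":
    print(suspicious_hosts(SAMPLE_EVENTS))
```

A single readme.txt or a lone wallpaper change is routine on its own, which is why the example only reports a host once several of the behaviours appear together.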

First Published Date: 29 Apr, 10:00 IST