Black Basta Bundles BYOVD With Ransomware Payload
Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta's ransomware, illustrating the increasing popularity of the defense-evasion technique.
Black Basta is a ransomware operation; coverage examines reported incidents, technical analysis, disruption, and defensive guidance for organizations.
Search across headline titles and summaries.
Background for this topic.
Black Basta is a ransomware operation that encrypts victims’ data and threatens to publish stolen information to pressure payment. The group is known for combining data encryption with data theft, increasing the impact on targeted organizations. Their attacks often involve exploiting vulnerabilities or compromised remote access to deploy ransomware payloads designed to evade detection and maximize disruption.
Security teams should focus on controlling remote access with multi-factor authentication, applying timely patches to known vulnerabilities, and segmenting networks to limit ransomware spread. Monitoring for indicators of compromise related to Black Basta’s tactics, such as unusual file encryption activity or data exfiltration, can help detect and contain incidents early. Understanding this dual-threat approach is critical for prioritizing defenses and response efforts against this ransomware family.
Weekly headline count for the current query.
Researchers discovered a newly disclosed vulnerable driver embedded in Black Basta's ransomware, illustrating the increasing popularity of the defense-evasion technique.
The emerging threat group is the latest to adopt the combo attack tactic, which Black Basta and other groups already are using to gain initial access for ransomware deployment.
Though the chat logs were leaked a month ago, analysts are now seeing that Russian officials may have assisted Black Basta members according, to the shared messages.
The future of the formerly fearsome cybercriminal group remains uncertain as key members have moved to a new affiliation, in fresh attacks that use novel persistence malware BackConnect.
The UK's Southern Water has been forced to shell out millions due to a Black Basta cyberattack, and it has come to light that the total could include a ransom payment.
One of 2024's most active ransomware outfits has been asleep through early 2025, thanks to reality-show-style, behind-the-scenes drama.
The prolific ransomware group has shifted away from phishing as the method of entry into corporate networks, and is now using initial access brokers as well as its own tools to optimize its most recent attacks.
When abused by threat actors with sophisticated social-engineering chops, remote-access tools demand that enterprises remain sharp in both defense strategy and employee-awareness training.
Ransomware groups have always created problems for their victims that only they could solve. Black Basta is taking that core idea in a creative, new direction.
Black Basta ransomware claimed responsibility, but the company says its investigation is ongoing.
An emerging threat actor, Water Curupira, is wielding a new, sophisticated loader in a series of thread-jacking phishing campaigns that precede ransomware.
A tool now allows for victim files encrypted by the Black Basta cybercriminal gang to be fully or partially recoverable, depending on their size
The Royal Ransomware Group has emerged as a threat to companies in 2022 and they have carried out dozens of successful attacks on global companies. Cybereason suggests that companies raise their awareness of this potential pending threat.
The ransomware group is using Qakbot to make the initial point of entry before moving laterally within an organization’s network.
Several artifacts from recent attacks strongly suggest a connection between the two operations, researchers say.
The QAKBOT group has successfully ramped up its operations, infecting systems, installing attack frameworks, and selling access to other groups, including Black Basta.
Luna, Black Basta add to rapidly growing list of malware tools targeted at virtual machines deployed on VMware's bare-metal hypervisor technology.
Like a hydra, every time one ransomware gang drops out (REvil or Conti), plenty more step up to fill the void (Black Basta).
The new ransomware strain Black Basta is now actively targeting VMware ESXi servers in an ongoing campaign, encrypting files inside a targeted volumes folder.