Beware of new Black Basta ransomware! Here is what damage it can cause


A new Black Basta ransomware has recently got operationalised by hackers. They ask hefty amounts to decrypt files and not leak data.

A new ransomware is reportedly stealing corporate data and documents before encrypting a company’s devices. Dubbed as Black Basta ransomware, it has become operative during April only and has breached more than 12 companies in just a few weeks. The ransomware uses the stolen data in double-extortion attacks and demands hefty amounts to decrypt files and not leak data. Big companies like Deutsche Windtechnik and American Dental Association have already become the victim of this ransomware. The amount of rasome is not known yet, however, the companies are in negotiation with the threat actors.

The data extortion details of these victims who have not paid a ransom yet are listed on ‘Black Basta Blog’ or ‘Basta News’ Tor site. Here’s all you need to know about this newly found ransomware

Also read: Looking for a smartphone? To check mobile finder click here.

What is Black Basta ransomware?

Black Basta ransomware seems to be a rebrand of an experienced operation i.e, Conti ransomware operation. It steals corporate data and documents before encrypting a company’s devices and demands a wholesome amount to not leak data. It slowly leaks data for each victim to try and pressure them into paying a ransom.

How does Black Basta ransomware work?

According to BleepingComputer, the ransomware hacks into an existing Windows service and uses it to launch the ransomware decryptor executable. The ransomware then changed the wallpaper to display a message stating, “Your network is encrypted by the Black Basta group. Instructions in the file readme.txt” and reboot the computer into Safe Mode with Networking. Ransomware expert Michael Gillespie informed the portal Black Basta ransomware utilizes the ChaCha20 algorithm to encrypt files. Each folder on the encrypted device contains a readme.txt file that has information about the attack and a link and unique ID to log in to the negotiation chat session with the threat actors. They then demand a ransom and threaten to leak data if payment is not made in seven…

Source…