{
	"id": "fbbcce17-489b-4b46-af02-b6a81619b834",
	"created_at": "2026-04-06T00:15:51.439265Z",
	"updated_at": "2026-04-10T03:20:42.994028Z",
	"deleted_at": null,
	"sha1_hash": "fe6fd8c3c183131ae3ec8cc7a4a2789afefec66a",
	"title": "Black Basta Ransomware Emerging From Underground to Attack Corporate Networks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 648753,
	"plain_text": "Black Basta Ransomware Emerging From Underground to Attack\r\nCorporate Networks\r\nBy Gurubaran\r\nPublished: 2022-06-28 · Archived: 2026-04-05 22:08:42 UTC\r\nTwo months have passed since the Black Basta Ransomware first surfaced. Nearly 50 victims have already been\r\nreported from the following countries:-\r\nThe U.S.\r\nCanada\r\nThe U.K.\r\nAustralia\r\nNew Zealand\r\nThis ransomware is a ransomware-as-a-service, which means that you can contract the malware and use it for a\r\nfee.\r\nIndustries Targeted\r\nThe Cybereason security experts claimed that Black Basta ransomware is observed to target industries across a\r\nwide range, and here they are mentioned below:-\r\nManufacturing\r\nConstruction\r\nTransportation\r\nTelcos\r\nPharmaceuticals\r\nCosmetics\r\nPlumbing\r\nHeating\r\nAutomobile dealers\r\nUndergarments manufacturers\r\nThe threat actors who are behind Black Basta ransomware are known for extorting sensitive information from\r\ntheir victims in order to run their operations.\r\nThe operators of the ransomware start blackmailing people with threats of publishing stolen information online,\r\nand then it demands a digital payment to free up their data.\r\nKey highlights of Black Basta\r\nhttps://gbhackers.com/black-basta-ransomware/\r\nPage 1 of 4\n\nRansomware attacks are a rapidly evolving problem worldwide due to advancing technology and the digitalization\r\nof society. While the very first ransomware attack occurred back in 1989. \r\nThe Black Basta exploits Qakbot to gain access to devices and move from one device to another collecting\r\ninformation from them.\r\nHere below we have mentioned all the key highlights of Black Basta:-\r\nProminent Threat\r\nTargets VMware ESXi\r\nHigh Severity\r\nTargeting English-speaking countries\r\nTargeting a Wide Range of Industries\r\nHuman Operated Attack\r\nDetected and Prevented\r\nThere have been some theories regarding the origins of this ransomware, considering the speed at which it has\r\nrisen to prominence. In some cases, people have speculated that this ransomware may be related to Conti;\r\nhowever, that has not been confirmed yet.\r\nAttack flow\r\nAfter infecting the target network the ransomware performs the following actions:- \r\nReconnaissance\r\nCollect data \r\nCredentials\r\nMove laterally\r\nDownload payloads\r\nExecute payloads\r\nIn order to gain access to the Domain Controller, the attacker needs to harvest the credentials as well as\r\nunderstand the network structure and then using PsExec traverse to the next computer.\r\nIn the case of a successful breach, the attacker will perform a final procedure aimed at avoiding detection in order\r\nto hide their illicit activities.\r\nMoreover, before encrypting files themselves, ransomware typically deletes shadow copies of files and other\r\nbackups using VSSadmin.exe. At the end of the attack, the ransomware is deployed to the targeted endpoints, and\r\nhttps://gbhackers.com/black-basta-ransomware/\r\nPage 2 of 4\n\nthis completes the final stage of the attack.\r\nRecommendations\r\nHere below we have mentioned all the security recommendations:-\r\nEnable the Anti-Ransomware Feature on AV tools that you have installed.\r\nEnable Anti-Malware Feature on AV tools that you have installed.\r\nUpdate your systems regularly to keep them in good working order\r\nMake sure your systems are fully patched\r\nMaintain regular backups of your files on a remote server\r\nImplement robust security solutions to stay secure.\r\nYou can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.\r\nhttps://gbhackers.com/black-basta-ransomware/\r\nPage 3 of 4\n\nGurubaran\r\nGurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience\r\nas a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.\r\nSource: https://gbhackers.com/black-basta-ransomware/\r\nhttps://gbhackers.com/black-basta-ransomware/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://gbhackers.com/black-basta-ransomware/"
	],
	"report_names": [
		"black-basta-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434551,
	"ts_updated_at": 1775791242,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fe6fd8c3c183131ae3ec8cc7a4a2789afefec66a.pdf",
		"text": "https://archive.orkl.eu/fe6fd8c3c183131ae3ec8cc7a4a2789afefec66a.txt",
		"img": "https://archive.orkl.eu/fe6fd8c3c183131ae3ec8cc7a4a2789afefec66a.jpg"
	}
}