Close

Get in Touch

Contact us to learn more about our elite cybersecurity services and industry-leading technologies.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Close
Breachquest

Emergency Incident Assistance

Is your network under attack? Get in touch with a
BreachQuest Specialist right away with this form.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You can also reach us by calling our 24/7 hotline.

+1 888 409 5811

Black Basta

New in April 2022, the group is known for their double extortion attacks, threatening victims to pay a demanded ransom or risk having stolen data slowly leaked on a dedicated data leak site (“DLS”), ‘Black Basta Blog.’ The group has been observed to target high-value organizations, with many victims based in the US, focusing on the construction and manufacturing industries. The group targets a wide span of organizations, also including real estate, business services, and chemicals. The Black Basta encryptor appears to be a console-based executable ransomware, needing to be run with administrative privileges to execute properly. Once encryption is complete, the ransomware will change the wallpaper to display a message to the victim, displaying further instructions are in a ‘readme.txt’ file. The .txt file will also contain a link and a unique ID required to log in to their dedicated negotiation chat session. Speculations have risen that this group may be a rebrand of a once-formed group.

Go Back Go to Glossary index
Share this article:

Sign up for our newsletter to get more industry news and insights.

Related Resources

Black Basta Ransomware - What you need to know.

Learn more