Blackbasta Ransomware

Malware Profile Updated 13 days ago
BlackBasta is a ransomware-type malware, designed to infiltrate systems undetected and hold data hostage in exchange for ransom. Originating from Russian-speaking regions, this malicious software has been linked to numerous high-profile cyber attacks. The group behind BlackBasta has demonstrated its capacity to breach even well-secured corporations, causing significant operational disruptions and stealing sensitive data.

Recently, Viking Coca-Cola, one of the largest Coca-Cola bottlers in the U.S., fell victim to a BlackBasta attack. The company's name was added to the list of victims on the ransomware group's data leak website, indicating a successful data breach. In another incident, Dish Network experienced service disruptions due to a BlackBasta ransomware attack between February and March. The extent of these attacks showcases the potency and reach of the BlackBasta group. Over the past 22 months, it has been reported that the BlackBasta ransomware gang extracted over $107 million in payments from its victims, underlining the severity and financial impact of these attacks.

There are indications that other groups may attempt to exploit the same vulnerabilities as BlackBasta, particularly a flaw in VMware systems. Italy's cybersecurity agency has suggested a possible link between BlackBasta and these anticipated attacks, although no concrete evidence has been published to support this claim.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
| ID | Type | Votes | Profile Description |
|---|---|---|---|
| QakBot | Unspecified | 2 | Qakbot is a type of malware, or malicious software, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites and can steal personal information, disrupt operations, or hold data for ransom. Qakbot is among several malware families buil |
| Blackbasta | Unspecified | 2 | BlackBasta is a notorious malware group known for its ransomware attacks, which began in April 2022. The group primarily used SharpDepositorCrypter as the main loader for their ransomware throughout most of 2022. In addition to BlackBasta Ransomware, they have also utilized other malicious software |
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Blackbasta Ransomware malware was read from the document corpus below.
| Source | Created At | Title |
|---|---|---|
| Securityaffairs | 13 days ago | Blackbasta gang Synlab Italia attack |
| CERT-EU | 4 months ago | BlackBasta Ransomware Attack: Multiple Victims Listed \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
| CERT-EU | 5 months ago | BlackBasta Claims Cyberattack On American Alarm And Communications \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting |
| CERT-EU | a year ago | ESXiArgs Campaign Snares At Least 2,803 Victims \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security |
| CERT-EU | a year ago | Cyber security week in review: May 19, 2023 |
| CERT-EU | 6 months ago | Ransomware was behind Toronto Public Library attack \| IT World Canada News |
| CERT-EU | 10 months ago | Top 10 Ransomware Attacks in 2023 - Cybersecurity Insiders |
| CERT-EU | a year ago | Dish Ransomware Attack Impacted Nearly 300,000 People |
| CERT-EU | 6 months ago | Cyber Security Today, Week in Review for Friday, December 1, 2023 \| IT World Canada News |
| CERT-EU | 9 months ago | 3 Malware Loaders Detected in 80% of Attacks: Security Firm |
| InfoSecurity-magazine | 9 months ago | Four in Five Cyber-Attacks Powered by Just Three Malware Loaders |
| Malwarebytes | 3 months ago | PikaBot malware on the rise: What organizations need to know \| Malwarebytes |
| CERT-EU | 9 months ago | 3 Malware Loaders Detected in 80% of Attacks: Security Firm |
| CERT-EU | a year ago | 24th April – Threat Intelligence Report - Check Point Research |
| CERT-EU | 10 months ago | Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups |