Blackbasta Ransomware

Malware updated 15 days ago (2024-11-08T12:43:45.138Z)
The BlackBasta ransomware group, a malicious entity linked to Russia, has been involved in numerous high-profile cyberattacks over the past 22 months. This malware, typically delivered via phishing emails, is designed to exploit and damage computer systems, often leading to data theft and disruption of operations. The group, which includes former members of the Conti ransomware gang, has used sophisticated tactics such as posing as corporate help desks and using encrypted communications with command and control (C&C) servers via PikaBot. Notably, this group has reportedly extracted over $107 million from its victims during this period.

Prominent victims of the BlackBasta ransomware attacks include American Alarm and Communications, a leading provider of security and communication solutions, and Viking Coca-Cola, one of the largest Coca-Cola bottlers in the US. In both instances, the group breached the companies' systems, stole sensitive data, and subsequently published this information on their data leak website. Other significant incidents involve the exposure of personal information, including U.S. passports and driver’s licenses, belonging to bank customers.

Investigations into the activities of the BlackBasta ransomware group have also revealed the existence of two other unreported ransomware groups: Ghost Clown and Space Kook. These groups rely on Cloudzy as a C2P and are known for deploying Cobalt Strike implants along with Conti, BlackBasta, Quantum Locker, and Royal ransomware.

As the prevalence of these cyber threats continues to grow, it underscores the importance of robust cybersecurity measures and incident response plans for businesses and individuals alike.
Description last updated: 2024-10-29T20:03:07.028Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
Alias Description | Association Type | Votes
The QakBot Malware is associated with Blackbasta Ransomware. Qakbot is a malicious software (malware) designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user, with the potential to steal personal information, disrupt operations, or hold data for ransom. Built by d | Unspecified | 2
The Blackbasta Malware is associated with Blackbasta Ransomware. BlackBasta is a notorious malware, particularly known for its ransomware attacks. The group behind it has been linked with other harmful software such as IcedID, NetSupport, Gozi, PikaBot, Pushdo, Quantum, Royal, and Nokoyawa. Artifacts and indicators of compromise (IoCs) suggest a possible relation | Unspecified | 2
Source Document References
Information about the Blackbasta Ransomware Malware was read from the documents corpus below.
Source | Created
Securityaffairs | 25 days ago
Securityaffairs | 7 months ago
CERT-EU | a year ago
Malwarebytes | 9 months ago
CERT-EU | a year ago
CERT-EU | 2 years ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
InfoSecurity-magazine | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | a year ago