Blackbasta Ransomware

Malware updated a month ago (2024-11-29T14:41:58.687Z)

Download STIX

Preview STIX

The BlackBasta ransomware is a malicious software developed by a Russia-linked group known for exploiting and damaging computer systems, often without the user's knowledge. The group has been involved in numerous high-profile cyberattacks, including those on American Alarm and Communications, a leading provider of security and communication solutions, and Viking Coca-Cola, one of the largest Coca-Cola bottlers in the US. In these attacks, the group stole data and published it on their data leak website. Over the past 22 months, the BlackBasta ransomware gang has extracted over $107 million from its victims. BlackBasta's method of operation includes the use of botnet tools like PikaBot for encrypted communications with command and control (C&C) servers. By January 2024, the group had shifted to using PikaBot, along with another emerging threat group, Water Curupira, which also used PikaBot to drop BlackBasta ransomware. Moreover, the operators were observed posing as corporate help desks, contacting employees under the guise of helping them mitigate an ongoing spam attack. Investigations have revealed the existence of two other unreported ransomware groups, Ghost Clown and Space Kook, that rely on Cloudzy as a C2P. These groups have been seen deploying Cobalt Strike implants and various types of ransomware, including Conti and BlackBasta. Notably, BlackBasta has been linked to the use of QakBot, typically delivered via phishing emails, to target multiple industries. It was also reported that BlackBasta exposed personal information, such as U.S. passports and driver’s licenses, belonging to bank customers.

Description last updated: 2024-11-28T11:51:37.921Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Blackbasta Malware is associated with Blackbasta Ransomware. BlackBasta is a notorious malware group that has emerged as a significant player in the ransomware space. The group has demonstrated an ability to adapt and evolve their tactics, making them a leading entity in the Russian-language ransomware domain. Initially, BlackBasta was observed using a botnet	Unspecified	3
The QakBot Malware is associated with Blackbasta Ransomware. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope	Unspecified	2
The Pikabot Malware is associated with Blackbasta Ransomware. Pikabot is a malicious software (malware) that has been used extensively by various threat groups to exploit and damage computer systems. Initially, the BlackBasta group used phishing and vishing to deliver malware types such as DarkGate and Pikabot but quickly sought alternatives for further malici	Unspecified	2

Source Document References

Information about the Blackbasta Ransomware Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	a month ago	BlackBasta Ransomware Brand Picks Up Where Conti Left Off
Securityaffairs	2 months ago	Black Basta affiliates used Microsoft Teams in recent attacks
Securityaffairs	8 months ago	Blackbasta gang Synlab Italia attack
CERT-EU	a year ago	Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups
Malwarebytes	10 months ago	PikaBot malware on the rise: What organizations need to know \| Malwarebytes
CERT-EU	a year ago	BlackBasta Claims Cyberattack On American Alarm And Communications \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
CERT-EU	2 years ago	Dish Ransomware Attack Impacted Nearly 300,000 People
CERT-EU	a year ago	3 Malware Loaders Detected in 80% of Attacks: Security Firm
CERT-EU	a year ago	3 Malware Loaders Detected in 80% of Attacks: Security Firm
CERT-EU	a year ago	BlackBasta Ransomware Attack: Multiple Victims Listed \| #ransomware \| #cybercrime \| National Cyber Security Consulting
InfoSecurity-magazine	a year ago	Four in Five Cyber-Attacks Powered by Just Three Malware Loaders
CERT-EU	a year ago	Ransomware was behind Toronto Public Library attack \| IT World Canada News
CERT-EU	a year ago	Top 10 Ransomware Attacks in 2023 - Cybersecurity Insiders
CERT-EU	2 years ago	Cyber security week in review: May 19, 2023
CERT-EU	2 years ago	24th April – Threat Intelligence Report - Check Point Research
CERT-EU	2 years ago	ESXiArgs Campaign Snares At Least 2,803 Victims \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware - National Cyber Security
CERT-EU	a year ago	Cyber Security Today, Week in Review for Friday, December 1, 2023 \| IT World Canada News