Blackbasta Ransomware

Malware Profile Updated 3 months ago
BlackBasta is a ransomware-type malware, designed to infiltrate systems undetected and hold data hostage in exchange for ransom. Originating from Russian-speaking regions, this malicious software has been linked to numerous high-profile cyber attacks. The group behind BlackBasta has demonstrated its capacity to breach even well-secured corporations, causing significant operational disruptions and stealing sensitive data.

Recently, Viking Coca-Cola, one of the largest Coca-Cola bottlers in the U.S., fell victim to a BlackBasta attack. The company's name was added to the list of victims on the ransomware group's data leak website, indicating a successful data breach. In another incident, Dish Network experienced service disruptions due to a BlackBasta ransomware attack between February and March. The extent of these attacks showcases the potency and reach of the BlackBasta group. Over the past 22 months, it has been reported that the BlackBasta ransomware gang extracted over $107 million in payments from its victims, underlining the severity and financial impact of these attacks.

There are indications that other groups may attempt to exploit the same vulnerabilities as BlackBasta, particularly a flaw in VMware systems. Italy's cybersecurity agency has suggested a possible link between BlackBasta and these anticipated attacks, although no concrete evidence has been published to support this claim.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Data Leak
Locker
Vulnerability
Phishing
Zscaler
Ransom
Cloudzy
Vmware
Associated Malware
ID | Type | Votes | Profile Description
QakBot | Unspecified | 2 | Qakbot is a potent malware, a malicious software designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it has the potential to steal personal information, disrupt operations, or e
Blackbasta | Unspecified | 2 | BlackBasta is a malicious software (malware) known for its disruptive and damaging effects on computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or even ho
Pikabot | Unspecified | 1 | PikaBot is a harmful malware that emerged in 2023, designed to exploit and damage computer systems. It infiltrates systems through dubious downloads, emails, or websites, often undetected by the user. Once inside a system, PikaBot can pilfer personal information, disrupt operations, or even ransom d
Conti | Unspecified | 1 | Conti is a type of malware, specifically ransomware, known for its ability to disrupt operations, steal personal information, and hold data hostage for ransom. The malicious software infiltrates systems via suspicious downloads, emails, or websites, often unbeknownst to the user. It has been used in
Ghost Clown | Unspecified | 1 | Ghost Clown is a malware entity that has been implicated in the deployment of malicious software, specifically ransomware strains like BlackBasta and Conti. This previously undetected ransomware group, along with another affiliate named Space Kook, were identified by anti-ransomware company Halcyon.
Royal Ransomware | Unspecified | 1 | Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi
Associated Threat Actors
ID | Type | Votes | Profile Description
Space Kook | Unspecified | 1 | Space Kook is a threat actor, or malicious entity, identified in the cybersecurity industry for its involvement in ransomware operations. Named after a villain from Scooby Doo, Space Kook was first linked to malicious activities by Halcyon's analysis, which showed connections to an initial access br
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Blackbasta Ransomware Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
Securityaffairs | 3 months ago | Blackbasta gang Synlab Italia attack
CERT-EU | a year ago | Iran-Run ISP ‘Cloudzy’ Caught Supporting Nation-State APTs, Cybercrime Hacking Groups
Malwarebytes | 5 months ago | PikaBot malware on the rise: What organizations need to know | Malwarebytes
CERT-EU | 7 months ago | BlackBasta Claims Cyberattack On American Alarm And Communications | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | a year ago | Dish Ransomware Attack Impacted Nearly 300,000 People
CERT-EU | a year ago | 3 Malware Loaders Detected in 80% of Attacks: Security Firm
CERT-EU | a year ago | 3 Malware Loaders Detected in 80% of Attacks: Security Firm
CERT-EU | 7 months ago | BlackBasta Ransomware Attack: Multiple Victims Listed | #ransomware | #cybercrime | National Cyber Security Consulting
InfoSecurity-magazine | a year ago | Four in Five Cyber-Attacks Powered by Just Three Malware Loaders
CERT-EU | 9 months ago | Ransomware was behind Toronto Public Library attack | IT World Canada News
CERT-EU | a year ago | Top 10 Ransomware Attacks in 2023 - Cybersecurity Insiders
CERT-EU | a year ago | Cyber security week in review: May 19, 2023
CERT-EU | a year ago | 24th April – Threat Intelligence Report - Check Point Research
CERT-EU | a year ago | ESXiArgs Campaign Snares At Least 2,803 Victims | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware - National Cyber Security
CERT-EU | 8 months ago | Cyber Security Today, Week in Review for Friday, December 1, 2023 | IT World Canada News