Blackbasta Ransomware

Malware updated a month ago (2024-11-29T14:41:58.687Z)
The BlackBasta ransomware is malicious software developed by a Russia-linked group known for exploiting and damaging computer systems, often without the user's knowledge. The group has been involved in numerous high-profile cyberattacks, including those on American Alarm and Communications, a leading provider of security and communication solutions, and Viking Coca-Cola, one of the largest Coca-Cola bottlers in the US. In these attacks, the group stole data and published it on their data leak website. Over the past 22 months, the BlackBasta ransomware gang has extracted over $107 million from its victims.

BlackBasta's method of operation includes the use of botnet tools like PikaBot for encrypted communications with command and control (C&C) servers. By January 2024, the group had shifted to using PikaBot, along with another emerging threat group, Water Curupira, which also used PikaBot to drop BlackBasta ransomware. Moreover, the operators were observed posing as corporate help desks, contacting employees under the guise of helping them mitigate an ongoing spam attack.

Investigations have revealed the existence of two other unreported ransomware groups, Ghost Clown and Space Kook, that rely on Cloudzy as a C2P. These groups have been seen deploying Cobalt Strike implants and various types of ransomware, including Conti and BlackBasta. Notably, BlackBasta has been linked to the use of QakBot, typically delivered via phishing emails, to target multiple industries. It was also reported that BlackBasta exposed personal information, such as U.S. passports and driver’s licenses, belonging to bank customers.
Description last updated: 2024-11-28T11:51:37.921Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Associated Malware
Alias description: The Blackbasta Malware is associated with Blackbasta Ransomware. BlackBasta is a notorious malware group that has emerged as a significant player in the ransomware space. The group has demonstrated an ability to adapt and evolve their tactics, making them a leading entity in the Russian-language ransomware domain. Initially, BlackBasta was observed using a botnet
Association type: Unspecified
Votes: 3

Alias description: The QakBot Malware is associated with Blackbasta Ransomware. Qakbot is a type of malware, or malicious software, that infiltrates computer systems to exploit and damage them. This harmful program can infect devices through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt ope
Association type: Unspecified
Votes: 2

Alias description: The Pikabot Malware is associated with Blackbasta Ransomware. Pikabot is a malicious software (malware) that has been used extensively by various threat groups to exploit and damage computer systems. Initially, the BlackBasta group used phishing and vishing to deliver malware types such as DarkGate and Pikabot but quickly sought alternatives for further malici
Association type: Unspecified
Votes: 2
Source Document References
Information about the Blackbasta Ransomware Malware was read from the documents corpus below. This display is limited to 20 results.
Source: Created at
DARKReading: a month ago
Securityaffairs: 2 months ago
Securityaffairs: 8 months ago
CERT-EU: a year ago
Malwarebytes: 10 months ago
CERT-EU: a year ago
CERT-EU: 2 years ago
CERT-EU: a year ago
CERT-EU: a year ago
CERT-EU: a year ago
InfoSecurity-magazine: a year ago
CERT-EU: a year ago
CERT-EU: a year ago
CERT-EU: 2 years ago
CERT-EU: 2 years ago
CERT-EU: 2 years ago
CERT-EU: a year ago