• Home
  • News
  • Black Basta Catches 6 In Its Web

Black Basta Catches 6 In Its Web

Miklos Zoltan

By Miklos Zoltan . 22 February 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Black Basta confirmed hitting 6 targets across 3 states during a massive hacking operation. The cybercriminal group also posted evidence of the attack, along with brief descriptions of each victim.

  • The victims belong to different, unrelated industries and are divided between 3 states: US, UK, and Australia
  • At this moment, it’s unclear how the negotiations are going and whether any of the victims have decided to pay the ransom
  • Black Basta typically uses the double extortion tactic, both encrypting, cloning, and stealing the victim’s files
  • The group is also known for its targeted and surgical attacks, which diverge from the typical spray-and-pray tactic

Black Basta is a relatively new cybercriminal ring that rose to power faster than expected. The group doesn’t come with anything new in terms of overall MO or tactics, but it does seem more disciplined than others.

Black Basta operators always research their targets extensively before striking to increase their success rates. This makes them more dangerous overall than your typical spray-and-pray ransomware actor.

X showing the BlackBasta attack on the 6 victims
https://twitter.com/FalconFeedsio/status/1760620457785524308

The double extortion tactic also makes Black Basta a feared adversary due to the potential losses associated with this MO. The operators will not only encrypt the victim’s systems but also clone and download important confidential data.

This forces the victim to negotiate both the decryption key and the deletion of the data held for ransom. Naturally, this increases the value of the ransom and makes negotiations more difficult to conduct.

The Future Of Black Basta

To truly understand Black Basta’s future, we must first acknowledge its past. While there isn’t much information about the organization’s inception, there are some theories. The most prevalent and well-supported one claims that Black Basta is the offspring of Conti.

Conti was once the most formidable and prolific ransomware organization with thousands of victims worldwide. The group was dissolved due to law enforcement agencies cracking its website and destroying its operations. However, it didn’t die out.

As is typically the case with powerful ransomware groups, these entities never truly go away. Instead, they rebrand themselves and reorganize their manpower, tools, and resources under different identities. The theory is that Black Basta was one such plan B for Conti.

This theory is supported by the group’s general MO, negotiation tactics, malware development, and preferred communication and payment channels. These may all be coincidences, but, as some have suggested, there are simply too many of them.

If the rumors are true and Black Basta is the illegitimate successor of Conti, this may explain the actor’s prolific profile and discipline. It may also explain why the organization appears to thrive in a climate that isn’t exactly conducive to ransomware activities.

Lockbit’s downfall is the latest example of that. The mammoth ransomware ring fell victim to a joint operation that brought together the UK-based National Crime Agency and the FBI. Operation Cronos sought to infiltrate and destroy Lockbit, which is exactly what happened.

This doesn’t mean that Black Basta is impervious to the law’s long arm of justice. But it does mean that the group must be doing a good job evading it so far.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment