blackbasta
Group profile
"Black Basta" is a new ransomware strain discovered during April 2022 - looks in dev since at least early February 2022 - and due to their ability to quickly amass new victims and the style of their negotiations, this is likely not a new operation but rather a rebrand of a previous top-tier ransomware gang that brought along their affiliates.
MITRE ATT&CK TTPs
Initial Access
T1566.001Phishing: Spear phishing Attachment
Victims receive spear phishing emails with attached malicious zip files - typically password protected. That contains malicious doc including .doc, .pdf, .xls
Execution
T1047Windows Management Instrumentation
Utilizes Invoke-TotalExec to push out the ransomware binary.
T1059.001Command and Scripting Interpreter: PowerShell
Black Basta has encoded PowerShell scripts to download additional scripts.
T1569.002System Services: Service Execution
Black Basta has installed and used PsExec to execute payloads on remote hosts.
Persistence
T1098Account Manipulation
Added newly created accounts to the administrators' group to maintain elevated access.
T1136Create Account
Black Basta threat actors created accounts with names such as temp, r, or admin.
T1543.003Create or Modify System Process: Windows Service
Creates benign-looking services for the ransomware binary.
T1574.001Hijack Execution Flow: DLL Search Order Hijacking
Black Basta used Qakbot, which has the ability to exploit Windows 7 Calculator to execute malicious payloads.
Privilege Escalation
T1484.001Domain Policy Modification: Group Policy Modification
Black Basta can modify group policy for privilege escalation and defense evasion.
T1543.003Create or Modify System Process: Windows Service
Creates benign-looking services for the ransomware binary.
T1574.001Hijack Execution Flow: DLL Search Order Hijacking
Black Basta used Qakbot, which has the ability to exploit Windows 7 Calculator to execute malicious payloads.
Recent victims
showing 50 of 523| Date | Website / victim | Sector | Country |
|---|---|---|---|
| 2024-11-20 |  schuff.comschuff.com | Business Services | US |
| 2024-11-21 |  granbyindustries.comgranbyindustries.com | Manufacturing | US |
| 2024-12-12 |  plasmatherm.complasmatherm.com | Technology | US |
| 2024-12-10 |  arunestates.co.ukarunestates.co.uk | Business Services | GB |
| 2024-12-11 |  brachot.combrachot.com | Manufacturing | BE |
| 2024-12-12 |  avril.caavril.ca | Agriculture and Food Production | CA |
| 2025-01-11 |  migonline.commigonline.com | Financial Services | US |
| 2024-12-17 |  bnext.nlbnext.nl | Technology | NL |
| 2024-11-12 |  fote.comfote.com | Consumer Services | US |
| 2024-10-31 |  bender.debender.de | Manufacturing | DE |
| 2024-11-26 |  valveworksusa.comvalveworksusa.com | Manufacturing | US |
| 2024-11-21 |  wikov.comwikov.com | Manufacturing | CZ |
| 2024-11-20 |  activedynamics.comactivedynamics.com | Manufacturing | CA |
| 2024-12-05 |  bathfitter.combathfitter.com | Business Services | CA |
| 2024-11-27 |  grimaldialliance.comgrimaldialliance.com | Transportation/Logistics | IT |
| 2024-12-18 |  medion.commedion.com | Technology | DE |
| 2024-10-10 |  furmanos.comfurmanos.com | Agriculture and Food Production | US |
| 2024-10-17 |  interspiro.cominterspiro.com | Manufacturing | US |
| 2024-10-22 |  hamptonsecurities.comhamptonsecurities.com | Financial Services | CA |
| 2024-10-24 |  g-s.co.ukg-s.co.uk | Agriculture and Food Production | GB |
| 2024-10-24 |  cafezupas.comcafezupas.com | Hospitality and Tourism | US |
| 2024-10-29 |  westbankcorp.comwestbankcorp.com | Construction | CA |
| 2024-10-25 |  btci.combtci.com | Technology | GB |
| 2024-10-31 |  beko-technologies.combeko-technologies.com | Manufacturing | DE |
| 2024-12-04 |  snatt.itsnatt.it | Transportation/Logistics | IT |
| 2024-11-13 |  medicacorp.commedicacorp.com | Healthcare | US |
| 2024-11-14 |  lornestewartgroup.comlornestewartgroup.com | Business Services | GB |
| 2024-12-04 |  vossko.devossko.de | Agriculture and Food Production | DE |
| 2024-10-17 |  mcleanmortgage.commcleanmortgage.com | Financial Services | US |
| 2024-10-16 |  suit-kote.comsuit-kote.com | Business Services | US |
| 2024-10-23 |  andyfrain.comandyfrain.com | Business Services | US |
| 2024-11-04 |  rembe.derembe.de | Manufacturing | DE |
| 2024-10-31 |  gfemlaw.comgfemlaw.com | Business Services | US |
| 2024-10-16 |  instinctpetfood.cominstinctpetfood.com | Agriculture and Food Production | US |
| 2024-10-17 |  eatonmetal.comeatonmetal.com | Manufacturing | US |
| 2024-10-18 |  continentalserves.comcontinentalserves.com | Transportation/Logistics | US |
| 2024-10-16 |  wachter.comwachter.com | Business Services | US |
| 2024-10-18 |  jonti-craft.comjonti-craft.com | Manufacturing | US |
| 2024-10-22 |  isaitaly.comisaitaly.com | Manufacturing | IT |
| 2024-10-05 |  rockportmortgage.comrockportmortgage.com | Financial Services | US |
| 2024-10-14 |  kmcglobal.comkmcglobal.com | Manufacturing | US |
| 2024-10-23 |  rauch.derauch.de | Agriculture and Food Production | DE |
| 2024-10-10 |  daserv.comdaserv.com | Technology | US |
| 2024-10-10 |  celo.comcelo.com | Technology | US |
| 2024-10-09 |  rosenlegal.comrosenlegal.com | Business Services | US |
| 2024-10-08 |  weberpackaging.comweberpackaging.com | Manufacturing | US |
| 2024-10-01 |  tuggleduggins.comtuggleduggins.com | Business Services | US |
| 2024-09-28 |  temple-inc.comtemple-inc.com | Manufacturing | US |
| 2024-10-03 |  milleredge.commilleredge.com | Manufacturing | US |
| 2024-10-08 |  gkcorp.comgkcorp.com | Manufacturing | US |