Two recent reports by cyber security researchers have revealed that the new ransomware group known as Black Basta have claimed to have successfully attacked 50 victims in just two months while also revealing that the new group has links to veteran gangs like REvil and Conti.
“The Black Basta gang has added nearly 50 victims to their list as of the publishing of this report, making them one of the most prominent ransomware groups recently.” – Researchers at Cybereason.
Black Basta had targeted multiples organisations in the United States, Canada, United Kingdom, Australia, and New Zealand and even expanded their ransomware’s ability to target and encrypt multiple systems which were documented in early June when Black Basta added the ability for their ransomware to encrypt VMware ESXI virtual machines that are running on enterprise Linux servers. Additionally, it has been reported that they had partnered with the QBot malware operation to spread their ransomware even further.
The links to Conti are due to similarities in the appearance of Black Basta’s leak Tor site, its ransom notes, its payment site and the behaviour of their support team. Although Conti has denied this claim it has been reported by security researchers at Advanced Intelligence that the Conti ransomware gang’s infrastructure related to several parts of their operation has been shut down.
This could be due to the leaks related to Conti which happened earlier this year due to them taking Russia’s side in its invasion of Ukraine. The leaked chats from the leak revealed that the group had been facing serious financial difficulties and that their boss had gone off the radar. Although some of its members were fully ready to restart operations after several months, possibly under a new variant name.