Black Basta Ransomware
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
| Threat Level: | 100 % (High) |
| Infected Computers: | 3 |
| First Seen: | April 27, 2022 |
| Last Seen: | October 4, 2022 |
| OS(es) Affected: | Windows |
The Black Basta Ransomware is a potent threat that is being used by a cybercriminal organization to lock the data of targeted organizations. The operation appears to be focused on enterprise targets and not on individual users specifically. The uncrackable encryption algorithm of the threat ensures that all locked files will be unsalvageable without having access to the correct decryption keys.
Whenever the Black Basta Ransomware encrypts a file, it also modifies that file's original name. Indeed, victims will notice that the vast majority of files stored on the breached device now carry the '.basta' file extension. In addition, the threat will change the current desktop background with a new image and create a text file on the system named 'readme.txt.'
Ransom Note's Overview
The message presented in the wallpaper image is short and concise. It instructs victims to open the text file to receive additional details about their next supposed steps. The ransom note delivered via the text file reveals that the hackers a running a double-extortion scheme. Indeed, according to the message, numerous sensitive files have been collected and exfiltrated from the infected device.
The hackers threaten to release this private and confidential information to the public in case the demanded ransom is not paid by the victims. The leaked information will be published on a dedicated website hosted on the TOR network. The site always contains a chat function to contact the attackers. Typically, cybercrime organizations focused on ransomware operations demand millions from their victims to help restore the encrypted data, and Black Basta Ransomware is likely to demand the same.
The message presented in the desktop background image is:
'Your network is encrypted by the Black Basta group.
Instructions in the text file readme.txtThe ransom note found inside the text file is:
Your data are stolen and encrypted
The data will be published on TOR website if you do not pay the ransom
You can contact us and decrypt one file for free on this TOR site
(you should download and install TOR browser first hxxps://torproject.org)
hxxps://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/Your company id for log in:'
