Black Basta Ransomware Description
Type: Ransomware
The Black Basta Ransomware is a potent threat that is being used by a cybercriminal organization to lock the data of targeted organizations. The operation appears to be focused on enterprise targets and not on individual users specifically. The uncrackable encryption algorithm of the threat ensures that all locked files will be unsalvageable without having access to the correct decryption keys.
Whenever the Black Basta Ransomware encrypts a file, it also modifies that file's original name. Indeed, victims will notice that the vast majority of files stored on the breached device now carry the '.basta' file extension. In addition, the threat will replace the current desktop background with a new image and create a text file on the system named 'readme.txt'.
Ransom Note's Overview
The message presented in the wallpaper image is short and concise. It instructs victims to open the text file to receive additional details about their next supposed steps. The ransom note delivered via the text file reveals that the hackers are running a double-extortion scheme. Indeed, according to the message, numerous sensitive files have been collected and exfiltrated from the infected device.
The hackers threaten to release this private and confidential information to the public in case the demanded ransom is not paid by the victims. The leaked information will be published on a dedicated website hosted on the TOR network. The site always contains a chat function to contact the attackers. Typically, cybercrime organizations focused on ransomware operations demand millions from their victims to help restore the encrypted data, and Black Basta Ransomware is likely to demand the same.
The message presented in the desktop background image is:
'Your network is encrypted by the Black Basta group.
Instructions in the text file readme.txt'
The ransom note found inside the text file is:
'Your data are stolen and encrypted
The data will be published on TOR website if you do not pay the ransom
You can contact us and decrypt one file for free on this TOR site
(you should download and install TOR browser first hxxps://torproject.org)
Your company id for log in:'
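The indicators described above (the '.basta' extension and a 'readme.txt' containing the quoted note text) can be checked on a file share with a short triage script. This is an added example, not code from the original article; the function names, the sample file names and the assumption that the note is stored as ASCII/UTF-8 text are illustrative.

```python
import os
import tempfile

# Indicators taken from the description above.
ENCRYPTED_EXT = ".basta"
NOTE_NAME = "readme.txt"
NOTE_PHRASES = ("your data are stolen and encrypted", "your company id for log in")

def note_matches(path, max_bytes=65536):
    """True if the file contains every phrase quoted from the ransom note."""
    try:
        with open(path, "rb") as fh:
            # Assumption: the note is ASCII/UTF-8 text.
            text = fh.read(max_bytes).decode("utf-8", errors="ignore").lower()
    except OSError:
        return False  # unreadable or missing file: cannot confirm, do not flag
    return all(phrase in text for phrase in NOTE_PHRASES)

def triage(root):
    """Walk root; report directories holding .basta files and matching notes."""
    report = {"encrypted_dirs": {}, "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        hits = sum(1 for f in files if f.lower().endswith(ENCRYPTED_EXT))
        if hits:
            report["encrypted_dirs"][dirpath] = hits
        for f in files:
            full = os.path.join(dirpath, f)
            # A file merely named readme.txt is common; require the note text too.
            if f.lower() == NOTE_NAME and note_matches(full):
                report["notes"].append(full)
    return report

def build_sample(root):
    """Constructed sample tree: one affected share and one clean folder."""
    share = os.path.join(root, "share")
    clean = os.path.join(root, "docs")
    os.makedirs(share)
    os.makedirs(clean)
    for name in ("q1.xlsx.basta", "plan.docx.basta"):  # constructed names
        open(os.path.join(share, name), "wb").close()
    with open(os.path.join(share, NOTE_NAME), "w") as fh:
        fh.write("Your data are stolen and encrypted\n"
                 "Your company id for log in: <placeholder>\n")
    with open(os.path.join(clean, NOTE_NAME), "w") as fh:
        fh.write("Project notes: build with make.\n")  # benign readme
    return share, clean

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Directories that report both encrypted files and a matching note are the ones to isolate and scope first during response.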