Ransomware, Malware, Threat Management

Black Basta, Conti ransomware connection examined

MalwareHunterTeam has reported a potential association between the newly-discovered Black Basta ransomware operation, which has already impacted 12 or more companies, and the Conti ransomware group, owing to the groups' similar leak sites, payment sites, and support employee behaviors, according to SecurityWeek. Such similarities were also observed by other cybersecurity researchers. Black Basta has already named nearly a dozen firms it attacked on its leak site, including the American Dental Association and Deutsche Windtechnik, a wind turbine company in Germany. Over 100GB of data from Deutsche Windtechnik has already been exposed by the operation. Meanwhile, the Conti ransomware operation has seen a resurgence of attacks even after the exposure of sensitive information regarding its operations, with the group now aiming attacks at government entities in Costa Rica and Peru. Moreover, Minerva's analysis of Black Basta revealed the administrator privilege requirement for the malware. Black Basta also establishes persistence on compromised systems by infiltrating the Windows Fax service, said Minerva.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.