Nearly 50 organizations in the U.S., Canada, Australia, New Zealand, and the U.K. have been compromised by the Black Basta ransomware operation since its emergence in April, making it one of the more significant new ransomware gangs, reports TechRepublic.
Double extortion techniques have been leveraged in Black Basta's new ransomware strain, with the group threatening leaks of stolen files should its ransomware demands that reach up to millions of dollars not be paid, according to a report from Cybereason, which also showed that Black Basta's attack was done in collaboration with QBot malware. Black Basta may be operated by some former Conti and REvil ransomware group members owing to the new operation's attacks and chosen targets, researchers noted.
"Due to their rapid ascension and the precision of their attacks, Black Basta is likely operated by former members of the defunct Conti and REvil gangs, the two most profitable ransomware gangs in 2021," said Cybereason co-founder and CEO Lior Div.
Current members of Conti have previously denied association with Black Basta.
BleepingComputer reports that Knight ransomware was observed by KELA threat analysts to have the third iteration of its source code posted for sale by the operation's representative, Cyclops, on RAMP forums.