A new ransomware dubbed Black Basta that came in to limelight last month, has targeted at least a dozen companies and believed to be connected with Conti group.
Hackers behind Black Basta use malware to encrypt files on compromised systems, appending the .basta extension to encrypted files. Alike other ransomware groups, they steal large amounts of information from victims in an effort to increase their chances of getting paid.
Researchers conducted a technical analysis of the Black Basta ransomware and noted that the malware requires administrator privileges to work. Also the malware hijacks the Windows Fax service for persistence on the infected systems.
The list of victims in dozens includes the American Dental Association and German wind turbine giant Deutsche Windtechnik, which recently confirmed the breach, but claimed its wind turbines were never at risk.
The hackers have published more than 100 Gb of data allegedly stolen from Deutsche Windtechnik.
In the meantime, the Conti group continues announcing new targets, including government organizations in Peru and Costa Rica. Conti ransomware activity has surged in the past weeks, despite the cybercriminals’ operations being exposed by a pro-Ukraine hacktivist.
The hacktivist used a Twitter account named “ContiLeaks” to make available chat logs, credentials, email addresses, C&C server details and even source code from the Conti operations. The leaks came in response to the Conti group expressing its support for the Russian government in its invasion of Ukraine.
But the leaks could hurt Conti operations, the number of new victims added to Conti’s website in March 2022 exceeded 70, significantly more than the average of 43 victims per month seen in 2021.