Ransomware Group Black Basta Evolves Its Tactics
Notable Findings
The Black Basta ransomware group has been under the spotlight recently, with several notable findings emerging. One striking fact is that a 17-year-old minor is allegedly a member of the group. Moreover, the group has apparently developed its attack strategies, utilizing social engineering techniques, as seen in the leaked chats.
Rapid Network Compromise through Known Vulnerabilities
In addition to using social engineering tactics, Black Basta exploits known vulnerabilities, misconfigurations, and insufficient security controls to gain access to target networks. According to researchers at Qualys, the group takes advantage of these weaknesses to compromise systems. The published reports show that:
- SMB misconfigurations
- Unsecured RDP servers
- Weak authentication mechanisms
- Malware droppers for code delivery
Legitimate File Sharing Platforms Used for Data Hosting
To remain undetected, the cybercriminals utilize legitimate file sharing platforms like transfer.sh, temp.sh, and send.vis.ee to host user data. Once the criminals gain access to a company’s network, they typically waste no time. According to experts, from the initial attack to the network-wide compromise, it usually takes a few hours, sometimes even minutes.
FAQs
Q: What is Black Basta ransomware group?
A: Black Basta is a ransomware group known for its malicious activities.
Q: What is the age of one of the group’s members?
A: A 17-year-old minor is allegedly a member of the group.
Q: What tactics does the group use?
A: The group uses social engineering techniques and exploits known vulnerabilities, misconfigurations, and insufficient security controls to gain access to target networks.
Q: How do they remain undetected?
A: They use legitimate file sharing platforms to host user data, making it difficult to detect.
Q: How quickly do they compromise networks?
A: In most cases, it takes a few hours, sometimes even minutes, from the initial attack to the network-wide compromise.
