The notorious Black Basta ransomware gang, known for its sophisticated and targeted attacks, has recently added its 20th victim to the list.
Among the recent victims of the Black Basta ransomware gang are noteworthy entities like the Raleigh, North Carolina Housing Authority, and Adams Bank & Trust.
These organizations, along with others, have fallen prey to the group’s cyber attack spree. The ransomware gang has gained access to sensitive customer information, including personally identifiable information (PII), account numbers, and more.
The Black Basta ransomware gang has claimed victims hailing from various countries.
The list includes 11 victims from the United States, 6 from Germany, 1 from the Netherlands, and 1 from India. Since the victims belong to different nations and industries, the motivations and intentions for this attack are still not established.
Black Basta ransomware gang claims multiple victims
The Black Basta victims span a diverse range of industries, with recent reports highlighting the infiltration of a German organization in the Appliances Electrical and Electronics Manufacturing sector.
The threat actors have also audaciously claimed that they are hacking high-profile organizations in multiple parts of Europe and America.
The group has asserted its successful breach of companies like Deutsche Leasing AG in Germany, Twin Towers Trading, Inc. in the United States, and Van der Ven Auto’s B.V. in the Netherlands.
The Cyber Express reached out to some of the major victims, including Adams Bank & Trust and the North Carolina Housing Authority. However, an official statement from the affected companies is yet to be issued, leaving the hacking claims unverified.
However, the Black Basta ransomware group has previously been credited for many high-profile cyber-attacks.
A recent report by cybersecurity firm Sophos has shed new light on the growing threat posed by ransomware groups, with the Black Basta ransomware gang prominently featured.
The investigation into ransomware attacks during the first half of 2023 revealed striking connections between Black Basta, Hive, and Royal ransomware gang. Similarities in attack forensics have unveiled a complex web of affiliations among these groups.
While some of the victims’ websites may appear to operate normally post-attack, hackers have a way to get around this loophole because cybercriminals often compromise backend systems. At the same time, the front end retains its regular functioning.
What makes the Black Basta ransomware gang stand out?
Delving deeper into the tactics of the Black Basta ransomware gang reveals a multifaceted criminal enterprise.
As reported by BlackBerry, Black Basta emerged in early 2022 as a formidable ransomware operator and Ransomware-as-a-Service (RaaS) threat actor.
Rapidly climbing the ranks among threat actors, and quickly racked up a bunch of victims, both prominent enterprises and smaller organizations, across various countries.
Black Basta’s strategic approach stands out in the crowded ransomware game. Instead of employing an aggressive front-end approach, the group meticulously targets organizations in the U.S., Japan, Canada, the United Kingdom, Australia, and New Zealand.
The hacker collective uses tactics involving encrypting critical data and servers, accompanied by the threat of exposing sensitive information on public leak sites.
The roots of Black Basta’s operation can be traced back to the defunct Conti threat actor group.
Striking similarities in malware development, leak sites, and communication methods for negotiation and data recovery point to a connection between the two.
The ramifications of Black Basta’s actions extend beyond mere financial losses. The group’s prior targeting of health and public health sector organizations in 2022 didn’t go unnoticed, and it became one of the most notorious hacking groups of the year.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
