Also known as: no_name_software
Category: Malware
Type: Ransomware (RaaS)
Platform: Windows and Linux
Variants: Windows variant and Linux variant
Damage potential: Data theft, ransom demands, network spread, reputation damage
Overview
Black Basta is a ransomware strain that often targets corporate networks. It was first spotted in 2022 and since then has typically affected devices with Windows or Linux operating systems.
Black Basta infiltrates systems through spear phishing, a highly personalized cyberattack that tricks recipients into sharing sensitive information, such as login credentials. Once on a system, Black Basta encrypts files and leaves a note demanding payment.
In some cases, the cybercriminals behind Black Basta have also threatened to publish victims' stolen data publicly to pressure them into paying the ransom.
Possible symptoms
One notable thing about Black Basta ransomware is how it changes a victim's wallpaper and desktop items. So if you suddenly see a black wallpaper with a ransom note and a mention of Black Basta, you’ll know that your device is infected. Other common symptoms include:
- Inaccessible files.
- Notes titled “.readme.txt” in encrypted folders with instructions on how to pay the ransom.
- Files with “a.basta” extensions.
- Sluggish system performance.
- Increase in network traffic or used data.
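A triage sketch for the file-based symptoms listed above, added here as an example and not taken from the original page: it walks a directory tree and rates each folder by whether it holds a ransom note, renamed files, or both. Matching on a `.basta` suffix and on the note names `readme.txt` and `.readme.txt` is an assumption about how the indicators appear on disk, and all function names are hypothetical.

```python
import os
import tempfile
from collections import defaultdict

# Assumptions drawn from the symptom list above; adjust to what you observe.
NOTE_NAMES = {"readme.txt", ".readme.txt"}
ENCRYPTED_SUFFIX = ".basta"

def scan_tree(root):
    """Return {directory: {"notes": [...], "encrypted": [...]}} for hits only."""
    hits = defaultdict(lambda: {"notes": [], "encrypted": []})
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lowered = name.lower()
            if lowered in NOTE_NAMES:
                hits[dirpath]["notes"].append(name)
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                hits[dirpath]["encrypted"].append(name)
    return dict(hits)

def classify(entry):
    """A note next to renamed files is a far stronger signal than either alone."""
    if entry["notes"] and entry["encrypted"]:
        return "high"
    if entry["encrypted"]:
        return "medium"
    return "low"  # a lone readme.txt is common in benign software

def report(root):
    """Sorted (confidence, directory, encrypted_count) rows, strongest first."""
    order = {"high": 0, "medium": 1, "low": 2}
    rows = [(classify(e), d, len(e["encrypted"])) for d, e in scan_tree(root).items()]
    return sorted(rows, key=lambda r: (order[r[0]], r[1]))

def build_sample(root):
    """Constructed sample tree for demonstration only (empty files, no malware)."""
    layout = {"finance": ["readme.txt", "q1.xlsx.basta", "q2.xlsx.basta"],
              "tools": ["readme.txt", "setup.exe"], "photos": ["cat.jpg"]}
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for confidence, directory, count in report(tmp):
            print(f"{confidence:6} {count:3} encrypted  {directory}")
```

Folders rated low contain only a note-like file name and need a manual look before being treated as affected.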
Sources of infection
Black Basta often gains access to systems through phishing attacks or vulnerabilities in Remote Desktop Protocol (RDP) and other software. Black Basta is also known to use other malware, such as QBot, to compromise networks.
Protection
Phishing awareness is key to avoiding Black Basta and similar cyber threats. Here are some other measures you can adopt to protect yourself or your company from this ransomware:
- Regularly back up important data.
- Update all software to make use of recent security patches.
- Enable multi-factor authentication (MFA) for extra protection against unauthorized access.
- Implement network segmentation to prevent malware from spreading over the network.
- Disable unnecessary Remote Desktop Protocol (RDP) and other remote access ports to avoid vulnerabilities.
- Limit user access to what is strictly necessary.
- Run regular security audits.
- Have an incident response plan detailing how to isolate infected systems, inform stakeholders, and restore data from clean backups.
- Organize security awareness training for employees.
Removal
You can use antivirus software to remove Black Basta ransomware, but keep in mind that such tools are often more effective at preventing an infection than at removing one.
- Disconnect the device from the network to stop Black Basta from spreading to other devices.
- Run a full system scan using your antivirus software and follow the instructions to remove the ransomware.
- If you need help with file recovery or decryption, consult a cybersecurity expert.