Black Basta Ransomware Accumulates Over $100 Million in Extortion Earnings

A recent collaborative investigation found that the Russia-linked ransomware syndicate Black Basta has amassed more than $100 million by extorting over 90 victims since it emerged in April 2022. The group uses a double extortion tactic against organizations worldwide, exfiltrating sensitive data before deploying ransomware to encrypt their networks.

The comprehensive analysis indicates a staggering sum of $107 million received as ransom payments, with individual payments reaching as high as $9 million, and at least 18 ransoms surpassing $1 million. On average, victims paid $1.2 million to regain control of their compromised systems.

Notably, approximately 35% of known Black Basta victims acquiesced to the demands, aligning with industry trends where, despite a dip in ransomware payments in 2022, about 41% of victims opted to pay the ransom.

Black Basta first appeared as a Ransomware-as-a-Service (RaaS) operation after the shutdown of the Conti ransomware gang and swiftly emerged as a formidable threat, targeting over 20 victims in its early days. This rapid pace signaled seasoned proficiency in ransomware operations and a steady supply of access points into networks.

Speculation abounds regarding its origins and connections to other notorious cyber threat groups, with strong indications of ties to the former Conti gang or potential associations with various Russian-speaking cyber syndicates.

Moreover, Black Basta’s victim roster boasts several prominent entities, including the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, Toronto Public Library, Rheinmetall (a German defense contractor), Capita (a UK government contract beneficiary), and ABB (a significant US government contractor). While these entities fell victim to Black Basta’s incursions, whether they yielded to the demands remains undisclosed.

To avoid falling victim to Black Basta ransomware, maintain robust cybersecurity measures. Regularly update and patch systems, employ multi-factor authentication, implement network segmentation, and train employees comprehensively to recognize and handle potential phishing attempts. Regular data backups stored offline are crucial for recovery in case of an attack. Reputable cybersecurity software with real-time monitoring capabilities can help detect and mitigate potential threats before they escalate.