Researchers have discovered that a newcomer to the ransomware space co-opted a 14-year-old piece of malware to help it maintain persistence on a targeted network in a recent attack.
Researchers from security consulting firm NCC Group noted in a blog post released this week that Black Basta, a ransomware group that appeared in April, used Qbot (a.k.a. Quakbot), an ever-evolving info-stealing malware, to move laterally on a compromised network in a recent attack. The researchers also studied Black Basta’s operation in depth.
The gang also modifies files using a previously generated RSA-encrypted key and the value 0x00020000, both of which are appended to the end of the file and later used for decryption.