Black Basta, a new ransomware operation that has targeted at least a dozen firms, has some researchers suspecting a link to the notorious Conti group.
Although Black Basta’s presence was discovered in mid-April, MalwareHunterTeam researchers found a sample that appeared to have been built in February. Black Basta’s hackers encrypt data on infected systems with malware, then append the .basta extension to the encrypted files.
Minerva, a cybersecurity organisation, conducted a technical investigation of the Black Basta ransomware and found that it requires administrator credentials to function. According to the company’s researchers, the malware hijacks the Windows Fax service for persistence on infected PCs.