Black Basta, a new ransomware gang, has emerged on the scene, causing massive breaches at companies and organizations for hundreds of thousands to millions of dollars.
The threat actor has quickly risen to prominence this month, infiltrating at least twelve different companies in a matter of weeks.
The Black Basta virus used by the gang is extremely difficult to detect because it operates in complete stealth and rarely manifests any symptoms. Thus, the majority of antivirus software is unable to detect ransomware such as the Black Basta virus.
The first known Black Basta attacks occurred in the second week of April, and the operation quickly spread throughout the world, targeting businesses of all sizes.
Black Basta Ransomware
Black Basta is a dangerous ransomware virus that encrypts the files on the computers it infects.
According to Bleeping Computer, "Like other enterprise-targeting ransomware operations, Black Basta will steal corporate data and documents before encrypting a company's devices."
Additionally, "This stolen data is then used in double-extortion attacks, where the threat actors demand a ransom to receive a decryptor and prevent the publishing of the victim's stolen data."
The data theft portion of these attacks is carried out on the Tor network's "Black Basta Blog" or "Basta News" site, which contains a list of all victims who have not paid a ransom to the hacker group.
Black Basta will gradually leak information about each victim in an attempt to coerce them into paying a ransom.
The malware deployed by the ransomware gang operates swiftly and does not usually show symptoms. On rare occasions, it may be possible to detect the Black Basta virus during the course of an infection.
It can occasionally cause a significant system slowdown, particularly where the infected computer does not have a lot of processing power and/or has a large amount of data stored on it.
When infected with the virus, Black Basta victims will notice a sudden unfamiliar process taking up the majority of their computer's CPU and RAM. If this occurs, it can also be seen in the PC's Task Manager.
The Black Basta ransomware gang is a fairly new threat actor on the scene. However, many people think that Black Basta is a rebrand or a regrouping of previous hackers due to its efficient and successful attacks.
How To Remove the Black Basta Virus
When users suspect they are being attacked, they can mitigate the incident with the following steps, as recommended by 2-Spyware. The first task is to ensure that all network communications are terminated as quickly as possible. This includes disconnecting every machine that is connected to a network. The steps to do so are:
- Go to the Windows search bar and navigate to the Control Panel.
- Select the Network and Internet option.
- Select Network and Sharing Center from the menu.
- Click "Change adapter settings," which can be found on the left-hand side of the screen.
- Right-click on your connection and select "Disable."
- To continue the process, confirm it by selecting "Yes."
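The same isolation step can be scripted for responders who have an elevated PowerShell prompt. The script below is an added example, not code from this article or from 2-Spyware; it disables every active adapter rather than one, and the default log path is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the Control Panel isolation steps above.
# The default log path is an assumption; change it to suit your environment.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$LogPath = "$env:ProgramData\isolation-adapters.csv"
)

# Every adapter that currently has link, including Wi-Fi, VPN and virtual ones.
$active = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })
if ($active.Count -eq 0) {
    Write-Output 'No active network adapters found; host is already offline.'
    return
}

# Record what was connected so responders can restore it later.
$active |
    Select-Object @{n='DisabledAt';e={(Get-Date).ToString('o')}},
                  Name, InterfaceDescription, MacAddress, LinkSpeed |
    Export-Csv -Path $LogPath -NoTypeInformation

foreach ($nic in $active) {
    if ($PSCmdlet.ShouldProcess($nic.Name, 'Disable network adapter')) {
        # -Confirm:$false answers the "Yes" prompt from the GUI procedure.
        Disable-NetAdapter -Name $nic.Name -Confirm:$false
    }
}

# Verify: anything still reporting Up needs to be unplugged by hand.
$stillUp = @(Get-NetAdapter | Where-Object { $_.Status -eq 'Up' })
if ($stillUp.Count -gt 0) {
    Write-Warning ("Still connected: " + ($stillUp.Name -join ', '))
} else {
    Write-Output "All adapters disabled. Previous state saved to $LogPath"
}
```

Running it with `-WhatIf` lists the adapters it would disable without changing anything; `Enable-NetAdapter` reverses the change once the machine has been cleared.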
If users are not confident in their ability to stop the infiltration of the Black Basta virus, they can immediately force shut down their computers once an attack is detected. Device owners can then contact a specialist for further assistance.
Shutting down the device will stop the encryption process in its tracks. However, users should not attempt to restart the system on their own, as the virus will resume its activity and there will be nothing users can do to prevent it from happening.