Examining the Black Basta Ransomware’s Infection Routine

Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it caused massive breaches to organizations in a short span of time.

On April 20, 2022, a user named Black Basta posted on underground forums known as XSS.IS and EXPLOIT.IN to advertise that it intends to buy and monetize corporate network access credentials for a share of the profits. The advertisement also specified that it was looking for organizations based in the United States, Canada, United Kingdom, Australia, and New Zealand, which are all English-speaking countries. A report noted that malicious actors acquired stolen credentials from some darknet websites that peddle an enormous amount of exfiltrated data to the underground market.

Read more…
Source: Trend Micro