Black Basta (0d5b24ba-68dc-50fa-8268-3012180fe374)

Black Basta is ransomware written in C++ that has been offered within the ransomware-as-a-service (RaaS) model since at least April 2022; there are variants that target Windows and VMware ESXi servers. Black Basta operations have included the double extortion technique, in which the cyber actors demand ransom for decrypting the files of targeted organizations and also threaten to post sensitive information to a leak site if the ransom is not paid. Black Basta affiliates have targeted multiple high-value organizations, with the largest number of victims based in the U.S. Based on similarities in TTPs, leak sites, payment sites, and negotiation tactics, security researchers assess that the Black Basta RaaS operators could include current or former members of the Conti group. [Palo Alto Networks Black Basta August 2022][Deep Instinct Black Basta August 2022][Minerva Labs Black Basta May 2022][Avertium Black Basta June 2022][NCC Group Black Basta June 2022][Cyble Black Basta May 2022]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Black Basta (0d5b24ba-68dc-50fa-8268-3012180fe374) | Tidal Software | Black Basta Affiliates (7f52cadb-7a12-4b9d-9290-1ef02123fbe4) | Tidal Groups | 1 |