The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers.
Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMWare ESXi servers.
The move aims at expanding potential targets, the support for VMware ESXi was already implemented by many ransomware families, including LockBit, HelloKitty, BlackMatter, and REvil.
Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model.
The ransomware will append the .basta extension to the encrypted filenames and create ransom notes named readme.txt in each folder.
Researchers from NCC Group recently spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. NCC Group researchers discovered the new partnership while investigating a recent incident, unlike past collaborations Black Basta gang is using QBot to spread laterally throughout the target network.
Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.
Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)
To nominate, please visit:
https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Black Basta ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.