The Black Basta ransomware gang now supports encryption of VMware ESXi virtual machines (VMs) running on Linux servers.
Researchers from Uptycs first reported the discovery of the new Black Basta ransomware variant that supports encryption of VMWare ESXi servers.
The move aims at expanding potential targets, the support for VMware ESXi was already implemented by many ransomware families, including LockBit, HelloKitty, BlackMatter, and REvil.
Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model.
The ransomware will append the .basta extension to the encrypted filenames and create ransom notes named readme.txt in each folder.
Researchers from NCC Group recently spotted a new partnership in the threat landscape between the Black Basta ransomware group and the QBot malware operation. NCC Group researchers discovered the new partnership while investigating a recent incident, unlike past collaborations Black Basta gang is using QBot to spread laterally throughout the target network.
Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.
Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)
To nominate, please visit:
https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Black Basta ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a…
A new Russia-linked APT group, tracked as Laundry Bear, has been linked to a Dutch…
Nova Scotia Power confirms it was hit by a ransomware attack but hasn't paid the…
Cetus Protocol reported a $223 million crypto theft and is offering to drop legal action…
SafePay ransomware hit Marlboro-Chesterfield Pathology, stealing personal data of 235,000 people in a major breach.…
China-linked APT exploit Ivanti EPMM flaws to target critical sectors across Europe, North America, and…
This website uses cookies.
