Black Basta Ransomware Group

Black Basta is a emerged from Conti dissolution, over 500 victims worldwide since Apr 2022. This profile covers the group's operations, tactics, known campaigns, and defensive recommendations. This report provides Mjolnir Security's analysis of the group's operations, extortion model, known targeting, and recommended defenses.

Overview

Black Basta is a ransomware and/or data extortion operation tracked by Mjolnir Security. The group maintains a presence on the dark web where victim data is published to pressure payment. Operations typically involve double extortion: encrypting victim systems and threatening to leak stolen data.

Tactics & Techniques

Common MITRE ATT&CK techniques observed in ransomware operations like Black Basta:

Detection & Defense

Recommended defenses against Black Basta and similar ransomware groups:

• Offline backups: Maintain tested, immutable backups disconnected from production networks
• EDR/XDR: Deploy endpoint detection with behavioral ransomware protection and rollback
• Network segmentation: Limit lateral movement and isolate critical systems
• MFA everywhere: Enforce multi-factor authentication on all remote access and admin accounts
• Patch management: Prioritize patching of internet-facing appliances (VPN, Exchange, etc.)
• Incident response plan: Maintain and test a ransomware-specific IR playbook

How Mjolnir Security Can Help