The first Black Basta attack was in April 2022.
It is a new ransomware gang known for quick attacks, breaching at least twelve companies in a few days.
The name of this malware is Black Basta Ransomware. Its threat type is ransomware, a crypto virus. If you are attacked by Black Basta, the ransom demand message appears as readme.txt. Contact with the attackers takes place through a website on the Tor network. Detection names: Avast (Win32:Malware-gen), Combo Cleaner (Gen:Heur.Ransom.REntS.Gen.1), ESET-NOD32 (Win32/Filecoder.OKW), Kaspersky (HEUR:Trojan.Win32.DelShad.gen), Microsoft (Trojan:Win32/Sabsik.FL.B!ml).
The symptoms of Black Basta Ransomware are that files stored on your computer cannot be opened, and previously functional files now have a different extension (for example, my.docx.lock). A ransom demand message is displayed on your desktop. Cybercriminals demand payment of a ransom (usually in bitcoins) to unlock your files. Damage: all files are encrypted and cannot be opened without paying a ransom. Additional password-stealing trojans and malware infections can be installed together with a ransomware infection.
In each folder on the encrypted device, the ransomware creates a readme.txt file that contains information about the attack. A link and a unique ID are required to log in to their negotiation chat session.
API system
The actors' screen shows that if payment is not made within seven days, the information is automatically leaked. If you pay the amount, they promise that your information is safe. The amount must be paid in bitcoins. The ransomware also changes your wallpaper by using a system API and uses a file called dlaksjdoiwq.jpg as the background wallpaper. Ransomware often spreads through phishing emails that contain malicious attachments to download.
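The host-side symptoms described above (a readme.txt note in each folder, an extension appended to previously functional files, and the dlaksjdoiwq.jpg wallpaper file) can be checked with a small triage script. This is an added example, not code from the original article; the function names, the list of known extensions and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the description above; names are matched case-insensitively.
NOTE_NAME = "readme.txt"
WALLPAPER_NAME = "dlaksjdoiwq.jpg"
KNOWN_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}  # assumption: "functional" file types

def triage(root):
    """Walk root and summarise the host-side symptoms the article lists."""
    dirs_total, note_dirs, wallpaper_hits = 0, [], []
    appended = Counter()  # extension appended after a known one, e.g. ".lock"
    for dirpath, _dirs, files in os.walk(root):
        dirs_total += 1
        for name in files:
            lower = name.lower()
            if lower == NOTE_NAME:
                note_dirs.append(dirpath)
            elif lower == WALLPAPER_NAME:
                wallpaper_hits.append(os.path.join(dirpath, name))
            else:
                stem, last = os.path.splitext(lower)
                inner = os.path.splitext(stem)[1]
                if last and inner in KNOWN_EXTS and last not in KNOWN_EXTS:
                    appended[last] += 1
    return {
        # A lone readme.txt is common on clean hosts; high coverage is the signal.
        "note_coverage": len(note_dirs) / dirs_total if dirs_total else 0.0,
        "note_dirs": sorted(note_dirs),
        "wallpaper_hits": wallpaper_hits,
        "appended_exts": appended.most_common(),
    }

def build_sample(root):
    """Create a constructed directory tree (empty files) for the demo only."""
    layout = {
        "": ["readme.txt", "dlaksjdoiwq.jpg"],
        "docs": ["readme.txt", "my.docx.lock", "budget.xlsx.lock"],
        "clean": ["notes.txt", "archive.tar.gz"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub), exist_ok=True)
        for name in names:
            open(os.path.join(root, sub, name), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A note in most directories combined with one dominant appended extension is a much stronger signal than any single hit.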
A new ransomware called “Black Basta” is spreading across the globe. Its variants focus on the Windows platform; however, new variants are also being developed that target ESXi virtual machines running on Linux servers, which lets the attackers encrypt multiple servers with one command. To attack ESXi servers, the ransomware looks for the volumes and the location where VMs are stored on compromised ESXi servers.