The first Black Basta attack was in April 2022.

A new ransomware gang has quickly become active, breaching at least twelve companies in a few days.

The name of this virus is Black Basta Ransomware. Its threat type is ransomware (crypto virus). If you are attacked by Black Basta, the ransom demand message is delivered as readme.txt. Contact with the attackers takes place through a website on the Tor network. Detection names: Avast (Win32:Malware-gen), Combo Cleaner (Gen:Heur.Ransom.REntS.Gen.1), ESET-NOD32 (Win32/Filecoder.OKW), Kaspersky (HEUR:Trojan.Win32.DelShad.gen), Microsoft (Trojan:Win32/Sabsik.FL.B!ml).

The symptoms of this virus are that files stored on your computer cannot be opened and previously functional files now have a different extension (for example, my.docx.lock). A ransom demand message is displayed on your desktop. Cyber criminals demand payment of a ransom (usually in bitcoins) to unlock your files. The damage is to your documents: all files are encrypted and cannot be opened without paying a ransom. Additional password-stealing trojans and malware infections can be installed together with the ransomware infection.

In each folder on the encrypted device, the ransomware creates a readme.txt file that contains information about the attack, along with a link and the unique ID required to log in to the negotiation chat session.

API system

The actor's screen states that if payment is not made within seven days, the information is automatically leaked. The attackers promise that if you pay the amount, your information is safe. The amount is also demanded in bitcoins. The ransomware also changes your wallpaper through a system API call, setting a file called dlaksjdoiwq.jpg as the background wallpaper. Ransomware is often spread through phishing emails that contain malicious attachments, or through downloads.
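The on-disk symptoms described above (a readme.txt in every folder, the dlaksjdoiwq.jpg wallpaper file, and files with an extra extension such as my.docx.lock) can be checked with a short triage script. This is an added example, not code from the original article; the thresholds, the DOC_EXTS list and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "readme.txt"            # ransom note name given on this page
WALLPAPER_NAME = "dlaksjdoiwq.jpg"  # wallpaper file name given on this page
DOC_EXTS = {".docx", ".xlsx", ".pdf", ".jpg"}  # assumed "normal" extensions

def triage(root, min_note_ratio=0.8, min_dirs=3):
    """Walk root and summarise the on-disk symptoms described above."""
    dirs_seen = dirs_with_note = 0
    wallpapers, renamed = [], []
    for dirpath, _subdirs, filenames in os.walk(root):
        dirs_seen += 1
        names = {f.lower() for f in filenames}
        dirs_with_note += NOTE_NAME in names
        for f in filenames:
            suffixes = [s.lower() for s in Path(f).suffixes]
            if f.lower() == WALLPAPER_NAME:
                wallpapers.append(os.path.join(dirpath, f))
            # e.g. my.docx.lock: a known extension followed by an extra one
            elif len(suffixes) >= 2 and suffixes[-2] in DOC_EXTS:
                renamed.append(os.path.join(dirpath, f))
    ratio = dirs_with_note / dirs_seen if dirs_seen else 0.0
    # One readme.txt is normal; a copy in nearly every folder is not.
    note_flood = dirs_seen >= min_dirs and ratio >= min_note_ratio
    return {"dirs": dirs_seen, "note_ratio": round(ratio, 2),
            "note_flood": note_flood, "wallpapers": wallpapers,
            "renamed_files": renamed,
            "suspicious": note_flood or bool(wallpapers)}

def build_sample_tree(root, infected):
    """Constructed sample data: four folders, optionally with the symptoms."""
    for sub in ("", "docs", "docs/hr", "photos"):
        d = Path(root, sub)
        d.mkdir(parents=True, exist_ok=True)
        (d / ("report.docx.lock" if infected else "report.docx")).write_text("x")
        if infected:
            (d / NOTE_NAME).write_text("constructed placeholder note")
    if infected:
        Path(root, WALLPAPER_NAME).write_text("x")
    else:
        Path(root, "docs", NOTE_NAME).write_text("ordinary readme")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, infected=True)
        print(triage(tmp))
```

A single readme.txt is common on healthy systems, so the script flags only the pattern of a note in nearly every folder or the presence of the wallpaper file; the renamed-file list is reported as supporting evidence.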

It is reported that a new ransomware called "Black Basta" is spreading across the globe. Variants of this ransomware focus on the Windows platform; however, new variants have also been developed that target ESXi virtual machines running on Linux servers, which lets the attackers encrypt multiple servers with one command. To attack ESXi servers, the ransomware looks for /vmfs/volumes, the location where VMs are stored on compromised ESXi servers.