Black Basta
High ConfidenceHigh ThreatBasta News
Black Basta is a ransomware-as-a-service operation that emerged in April 2022, believed to have connections to the disbanded Conti ransomware group. The operation has rapidly become one of the most prolific ransomware threats, targeting hundreds of organizations across healthcare, manufacturing, and critical infrastructure sectors. Black Basta employs double extortion tactics and has demonstrated sophisticated capabilities including the use of custom tools for network reconnaissance and lateral movement. The group's operations have caused significant disruption to major organizations worldwide.
Black Basta is a ransomware-as-a-service operation that emerged in April 2022, believed to have connections to the disbanded Conti ransomware group. The operation has rapidly become one of the most prolific ransomware threats, targeting hundreds of organizations across healthcare, manufacturing, and critical infrastructure sectors. Black Basta employs double extortion tactics and has demonstrated sophisticated capabilities including the use of custom tools for network reconnaissance and lateral movement. The group's operations have caused significant disruption to major organizations worldwide.
Target Sectors
Target Regions
Attributed to Cybercriminal (No State Sponsor) (Russia). Attribution confidence: High.
Future Outlook
Black Basta is expected to continue operations targeting Healthcare sectors.
First observed activity of Black Basta
Continued active operations