Black Basta may be connected to the Conti ransomware group

Black Basta Conti Ransomware Hacker Group Malware

A new ransomware group called Black Basta has infected about a dozen organisations, and some researchers claim that it may have a link to the notorious Conti gang. The appearance of Black Basta was first discovered last month. Researchers also noted that they had already compiled samples regarding the new threat in February.

The threat actors operating the Black Basta utilise malware to encrypt files on affected systems, attaching the [.]basta extension to encrypted files. Moreover, they rob massive amounts of data from targets to increase their chances of getting huge ransoms.

A separate cybersecurity firm has initiated a technical analysis of the Black Basta ransomware and indicated that the malware needs administrator privileges. Researchers found that the malware hacks the Windows Fax service to establish persistence on the targeted systems.

The ransomware group has provided a list of companies on its website, enumerating victims who decline to pay their ransom demands, including Deutsche Windtechnik and the American Dental Association.


Black Basta may have been a strain of Conti ransomware.


Experts believe that the ransomware group must have some relationship with the Conti group. These claims are based on the overlaps between their leak sites, payment sites, and how they impersonate employees’ talks. Other researchers then backed up this evidence since there are several identicality between the two groups.

As of now, the Conti ransomware group released an announcement regarding their new targets. They highlighted the inclusion of government organisations in Costa Rica and Peru in their statement.

Conti ransomware activity has skyrocketed in the previous weeks, despite cybercriminals’ operations being exposed by researchers recently.

The researchers who leaked their source code used a Twitter account called ContiLeaks to develop available chat logs, credentials, email addresses, and command-and-control server details. The leaks suddenly materialised after the Conti group expressed its support for the Russian government’s plans against Ukraine.

However, the recent leaks have not discouraged the Conti ransomware gang from attacking new targets. It is still conducting more attacks than in the past months.

About the author

Leave a Reply