Black Basta ransomware vulnerability leveraged by new decryption tool
Independent cybersecurity consultancy and research collective Security Research Labs has released a new free Black Basta ransomware decryption tool, according to BleepingComputer.
The decryptor, dubbed Black Basta Buster, was developed after the discovery of a flaw in the ransomware's encryption routine that exposed the ChaCha keystream used to XOR-encrypt files. Black Basta Buster also includes the "decryptauto.py" script, which automates key retrieval for file decryption.
"Our analysis suggests that files can be recovered if the plaintext of 64 encrypted bytes is known. Whether a file is fully or partially recoverable depends on the size of the file," said SRLabs researchers, who added that while recovery is impossible for files smaller than 5KB, it is likely for files between 5KB and 1GB and only possible for the first 5KB of those larger than 1GB.
Organizations hit by Black Basta between November 2022 and the last week of December could use the decryptor, but recent updates by the ransomware operation that addressed the flaw have made the decryption tool inoperable in newer attacks.
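
The following added example (not SRLabs' tool and not code from the article) shows why 64 bytes of known plaintext are enough to recover data once an XOR keystream is exposed. It assumes a simplified model in which every 64-byte block of a file is XORed with the same 64-byte keystream; the function names, the keystream and the sample file are constructed for illustration.

```python
import hashlib
from collections import Counter

BLOCK = 64  # size of the known-plaintext block named in the article

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_from_known_plaintext(cipher: bytes, plain: bytes, offset: int) -> bytes:
    """C = P xor K, so one aligned block of known plaintext gives K = C xor P."""
    if offset % BLOCK or len(plain) != BLOCK or offset + BLOCK > len(cipher):
        raise ValueError("need one aligned 64-byte block of known plaintext")
    return xor_bytes(cipher[offset:offset + BLOCK], plain)

def keystream_from_zero_run(cipher: bytes, min_repeats: int = 2):
    """Zero plaintext encrypts to the keystream itself (0 xor K = K), so a
    ciphertext block that repeats is a candidate keystream. Returns None if
    no full block repeats at least min_repeats times."""
    counts = Counter(cipher[o:o + BLOCK]
                     for o in range(0, len(cipher) - BLOCK + 1, BLOCK))
    if not counts:
        return None
    block, seen = counts.most_common(1)[0]
    return block if seen >= min_repeats else None

def decrypt(cipher: bytes, keystream: bytes) -> bytes:
    """XOR every block (the last may be short) with the reused keystream."""
    return b"".join(xor_bytes(cipher[o:o + BLOCK], keystream)
                    for o in range(0, len(cipher), BLOCK))

# Constructed sample: a file header, a zero-filled region, then data.
KEYSTREAM = hashlib.sha512(b"constructed demo keystream").digest()  # 64 bytes
PLAIN = (b"SQLite format 3\x00".ljust(BLOCK, b"\x01")
         + bytes(4 * BLOCK) + b"customer records " * 10)
CIPHER = decrypt(PLAIN, KEYSTREAM)  # XOR is its own inverse

if __name__ == "__main__":
    # Route 1: the defender knows the first 64 plaintext bytes (e.g. from a backup).
    k1 = keystream_from_known_plaintext(CIPHER, PLAIN[:BLOCK], 0)
    # Route 2: no backup, but the file contains zero-filled blocks.
    k2 = keystream_from_zero_run(CIPHER)
    assert k1 == k2 == KEYSTREAM
    # Validate the candidate before trusting it: the header must decrypt sanely.
    recovered = decrypt(CIPHER, k2)
    print(recovered[:15], recovered == PLAIN)
```

A repeated ciphertext block is only a candidate keystream, since any repeated plaintext block also repeats under a reused keystream; check the decrypted output against a known file signature before overwriting anything, and work on copies of the encrypted files.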