Ransomware, Network Security

Stealthier malware, tools leveraged by Black Basta ransomware

July 31, 2024

Share

Malware attack virus alert. Person use smartphone with virtual warning sign with ransomware word. warning notification, Cyber threats.

(Adobe Stock)

Mounting ransomware crackdown efforts, including one that impacted its previous partner QBot, have prompted the Black Basta ransomware operation, also known as UNC4393, to leverage new custom malware and novel techniques on top of zero-day vulnerabilities to enable network compromise without being detected by security systems, BleepingComputer reports.

While Black Basta has primarily leveraged DarkGate malware in its attacks following the disruption of the QBot malware late last year, the ransomware gang transitioned to SilentNight malware distribution for initial network access in attacks months later, with network foothold ensured by the deployment of the DawnCry memory-only dropper with the DaveShell loader that delivers the PortYard tunneler, according to an analysis from Mandiant. Aside from featuring living off the land binaries, recent attacks by the ransomware gang also involved the CogScan .NET reconnaissance tool, the SystemBC tunneler, the KnowTrap memory-only dropper, and the KnockTrock .NET-based utility that facilitates BASTA ransomware executable injections.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

SC Staff

Related

Close up of female hands typing on laptop keyboard, working at home, sunset in background

Russian women stepping up for cybercrime outfits

Shaun NicholsNovember 20, 2024

Women are increasingly taking on top roles within Russian-speaking threat actor groups.

Image of ransomware, computer language, circuit board pattern over data server room

Meow, INC Ransom gangs leak San Francisco Ballet Company data

SC StaffNovember 20, 2024

SF Ballet Company was initially targeted by Meow, also known as MeowCorp or MeowCorp2022, which admitted to having exfiltrated more than 40 GB of data, including employees' personal details, payroll and work-related information, legal and insurance documents, financial files, contracts and commercial agreements, and medical records.

Cybersecurity and Digital Protection

Over 21K Equinox patients, staff impacted by LockBit-claimed attack

SC StaffNovember 20, 2024

Threat actors who infiltrated Equinox's systems on Apr. 29 were able to exfiltrate digital files containing individuals' names, birthdates, addresses, Social Security numbers, passport numbers, driver's license or other government identification numbers, health insurance information, financial account details, treatment and diagnosis data, and/or medication details.

Related Events

Related Terms

ACK Piggybacking Address Resolution Protocol (ARP)Berkeley Internet Name Domain (BIND)Border Gateway Protocol (BGP)Cache Poisoning Call Admission Control (CAC)Cell Computer Network Decapsulation Domain Name

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news