12. May 2022
This article has been indexed from
CySecurity News – Latest Information Security and Hacking Incidents
Black Basta, a new ransomware group, has been highly active since April 2022 and has already breached a dozen companies worldwide. The list of victims includes the American Dental Association and German wind turbine giant Deutsche Windtechnik.
Modus operandi of Black Basta
While Black Basta attacks are relatively new, some information on the group's methodology has been made public. The data encryptor employed by the ransomware requires administrator privileges to execute; otherwise, it is harmless.
To launch the encryption executable, the ransomware targets a legitimate Windows service. After execution, the ransomware erases shadow copies from the compromised system using vssadmin.exe. This action removes the Windows backup so that, after encryption, the victim cannot revert the system to its previous state.
Subsequently, Black Basta drops two files: dlaksjdoiwq.jpg and fkdjsadasd.ico in the user Temp folder. The seco
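The two behaviours described above (shadow-copy deletion through vssadmin.exe and the two named files appearing in the user Temp folder) can be hunted for together in endpoint telemetry. The following is an added example, not code from the original article: the event layout, host names and paths are constructed, and the `delete shadows` subcommand is standard vssadmin syntax assumed here, since the article names only the binary.

```python
import re
from collections import defaultdict

# Constructed sample events, loosely shaped like Sysmon process-create (1)
# and file-create (11) records; hosts, users and paths are made up.
EVENTS = [
    {"host": "ws01", "id": 1, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": r"vssadmin.exe  Delete Shadows /all /quiet"},
    {"host": "ws01", "id": 11,
     "target": r"C:\Users\alice\AppData\Local\Temp\dlaksjdoiwq.jpg"},
    {"host": "ws01", "id": 11,
     "target": r"C:\Users\alice\AppData\Local\Temp\FKDJSADASD.ICO"},
    {"host": "ws02", "id": 1, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmd": "vssadmin list shadows"},            # benign inventory query
    {"host": "ws03", "id": 11,
     "target": r"C:\Users\bob\Pictures\dlaksjdoiwq.jpg"},  # name match, not Temp
]

DROPPED = {"dlaksjdoiwq.jpg", "fkdjsadasd.ico"}   # file names from the article
SHADOW_DELETE = re.compile(r"\bdelete\s+shadows\b", re.I)
TEMP_DIR = re.compile(r"\\temp\\[^\\]+$", re.I)  # file directly inside a Temp dir

def classify(event):
    """Return a finding label for one event, or None if it is not relevant."""
    if event["id"] == 1:
        exe = event["image"].rsplit("\\", 1)[-1].lower()
        if exe == "vssadmin.exe" and SHADOW_DELETE.search(event["cmd"]):
            return "shadow_copy_delete"
    elif event["id"] == 11:
        name = event["target"].rsplit("\\", 1)[-1].lower()
        if name in DROPPED and TEMP_DIR.search(event["target"]):
            return "temp_drop:" + name
    return None

def triage(events):
    """Group findings per host; both behaviours on one host rate 'high'."""
    findings = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            findings[ev["host"]].add(label)
    report = {}
    for host, labels in findings.items():
        drops = any(l.startswith("temp_drop:") for l in labels)
        wiped = "shadow_copy_delete" in labels
        report[host] = ("high" if drops and wiped else "medium", sorted(labels))
    return report

if __name__ == "__main__":
    for host, (severity, labels) in triage(EVENTS).items():
        print(host, severity, labels)
```

File names are trivially changed between builds, so the shadow-copy deletion is the more durable signal; the name match mainly raises confidence when both appear on one host.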
[…]