Black Basta ransomware group
GPTKB entity
Statements (54)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
cybercrime
|
| gptkbp:associatedWith |
Conti ransomware group (alleged)
|
| gptkbp:firstObserved |
April 2022
|
| https://www.w3.org/2000/01/rdf-schema#label |
Black Basta ransomware group
|
| gptkbp:language |
Russian (suspected)
|
| gptkbp:mainActivity |
ransomware attacks
|
| gptkbp:notableVictim |
gptkb:Swissport
gptkb:Toronto_Public_Library gptkb:American_Dental_Association gptkb:Knauf_Group gptkb:Sobeys gptkb:Capita Deutsche Windtechnik Yellow Pages Canada |
| gptkbp:objective |
financial gain
|
| gptkbp:operates |
Ransomware-as-a-Service (RaaS) model
|
| gptkbp:publishes |
stolen data on leak site
|
| gptkbp:ransomwareType |
double extortion
|
| gptkbp:requires |
ransom payments
|
| gptkbp:status |
active (as of 2024)
|
| gptkbp:target |
gptkb:government
gptkb:textile_industry healthcare sector organizations worldwide critical infrastructure |
| gptkbp:technology |
lateral movement
threatening to leak data disabling security software targeting backups |
| gptkbp:type |
ransomware group
|
| gptkbp:uses |
gptkb:PsExec
gptkb:Cobalt_Strike gptkb:Mimikatz data exfiltration PowerShell scripts credential theft C2 infrastructure Active Directory enumeration remote desktop protocol (RDP) network reconnaissance tools Mega cloud storage for exfiltration PrintNightmare vulnerability QakBot malware Rclone for data exfiltration StealBit data exfiltration tool SystemBC proxy malware Tor network for leak site VMware ESXi encryption Windows and Linux ransomware variants custom ransomware payload encryption of victim data living-off-the-land binaries (LOLBins) |
| gptkbp:bfsParent |
gptkb:TrickBot_gang
|
| gptkbp:bfsLayer |
7
|