A Deep Dive into Black Basta Ransomware by SecurityScorecard

Executive summary
Black Basta ransomware is a recent threat that compiled its first malware samples in February

The ransomware deletes all Volume Shadow Copies and creates two files: a new JPG image that
it sets as the Desktop Wallpaper, and an ICO file that represents the encrypted files. Unlike
other ransomware families, the malware doesn’t skip files based on their extensions. However,
it doesn’t encrypt critical folders that would make the system inoperable.
The files are encrypted using the ChaCha20 algorithm, with the key and nonce being encrypted
using the RSA public key that is hard-coded in the sample. The malware can fully or partially
encrypt a file depending on its size. The extension of the encrypted files is changed to .basta by
the ransomware.
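
One way to turn the behaviour described above into a detection, as an added example that is not part of the SecurityScorecard report: flag any process that renames many files to .basta in a short window and whose victims span several original extensions, since the malware does not filter by extension. The event tuple layout, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime
import ntpath  # parses Windows paths on any OS

# Constructed sample events: (ISO timestamp, pid, old path, new path).
SAMPLE_EVENTS = [
    ("2022-05-01T10:00:00", 4120, r"C:\Users\a\Docs\plan.docx", r"C:\Users\a\Docs\plan.docx.basta"),
    ("2022-05-01T10:00:01", 4120, r"C:\Users\a\Docs\q1.xlsx", r"C:\Users\a\Docs\q1.xlsx.basta"),
    ("2022-05-01T10:00:02", 4120, r"C:\Users\a\Pics\cat.jpg", r"C:\Users\a\Pics\cat.jpg.basta"),
    ("2022-05-01T10:00:02", 900, r"C:\Temp\note.txt", r"C:\Temp\note.basta"),
    ("2022-05-01T10:00:03", 4120, r"C:\Users\a\Docs\cv.pdf", r"C:\Users\a\Docs\cv.pdf.basta"),
    ("2022-05-01T10:00:03", 733, r"C:\Temp\~w1.tmp", r"C:\Temp\report.docx"),
    ("2022-05-01T10:00:04", 4120, r"C:\Users\a\todo.txt", r"C:\Users\a\todo.txt.basta"),
]


def detect_basta_bursts(events, window_s=10, min_files=4, min_ext=3):
    """Return {pid: (peak renames in one window, original extensions seen)}.

    A pid is reported when, inside a sliding window of window_s seconds, it
    renamed at least min_files files to *.basta and those files had at least
    min_ext distinct original extensions. Thresholds are assumed defaults.
    """
    recent = defaultdict(deque)  # pid -> deque of (time, original extension)
    alerts = {}
    for ts, pid, old, new in sorted(events):
        # Only the new name matters, so this works whether the extension
        # is appended to or substituted for the original one.
        if not new.lower().endswith(".basta"):
            continue
        t = datetime.fromisoformat(ts)
        q = recent[pid]
        q.append((t, ntpath.splitext(old)[1].lower()))
        # Drop renames that fell out of the sliding window.
        while (t - q[0][0]).total_seconds() > window_s:
            q.popleft()
        exts = {ext for _, ext in q}
        if len(q) >= min_files and len(exts) >= min_ext:
            peak, seen = alerts.get(pid, (0, set()))
            alerts[pid] = (max(peak, len(q)), seen | exts)
    return alerts


if __name__ == "__main__":
    for pid, (count, exts) in detect_basta_bursts(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {count} renames to .basta across {sorted(exts)}")
```

The single rename by pid 900 and the unrelated rename by pid 733 stay below the thresholds, which keeps one-off user actions from alerting.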
