CySecurity News – Latest Information Security and Hacking Incidents
Black Basta, a new ransomware group has been highly active since April 2022 and has already breached a dozen companies worldwide. The list of victims includes the American Dental Association and German wind turbine giant Deutsche Windtechnik.
Modus operandi of Black Basta
While Black Basta assaults are relatively new, some information on their methodology has been made public. The data encryptor employed by ransomware requires administrator privileges to execute, otherwise, it is harmless.
To launch the encryption executable, the ransomware targets a legitimate Windows service. After execution, the ransomware erases shadow copies from the compromised system using vssadmin.exe. This action removes the Windows backup so that after encryption victim cannot revert the system to its previous state.
Subsequently, Black Basta drops two files: dlaksjdoiwq.jpg and fkdjsadasd.ico in the user Temp folder. The seco
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: