A new group, Black Basta, is making waves in the ransomware game. According to Check Point Research, the group has extorted at least 89 high-profile organizations since May 2022. Nearly 40% of the victims are in the US, and the ransom demands can exceed $1 million.

 

 

From there, the Black Basta group uses a number of evasion techniques that are quite stealthy. The rest of the Check Point Research article details them.

What's worth noting, however, is the origin of the attack. All attacks have to start somewhere, and Black Basta tends to go through email. Remember, before the actual execution of the ransomware can start, the ransomware has to get into the environment. 

In this case, they tend to use malicious URLs or malicious attachments. 

That's why it's so critical to scan all URLs and sandbox all attachments, to prevent dangerous executables like Black Basta from entering the organization.