
Black Basta is a new strain of ransomware

June 27, 2022

Key Details

Prominent Threat: In just two months, the Black Basta gang has added nearly 50 victims to its list as of the publishing of this report, making it one of the most prominent recent ransomware gangs.

Targets VMware ESXi: Black Basta's Linux variant targets VMware ESXi virtual machines (VMs) running on enterprise Linux servers.

High Severity: The Cybereason Nocturnus Team assesses the threat level as HIGH given the destructive potential of the attacks.

Targeting English-Speaking Countries: Black Basta specifically targets the following countries: United States, Canada, United Kingdom, Australia, and New Zealand.

Targeting Wide Range of Industries: Black Basta has been observed targeting a range of industries, including manufacturing, construction, transportation, telcos, pharmaceuticals, cosmetics, plumbing and heating, automobile dealers, undergarments manufacturers and more.

Human-Operated Attack: Prior to the deployment of the ransomware, the attackers attempt to infiltrate and move laterally throughout the organization, carrying out a fully developed RansomOps attack.

Similar to other ransomware operations that have emerged over the past years, the Black Basta gang follows the growing trend of double extortion. They steal sensitive files and information from their victims and later use it to extort the victims by threatening to publish the data unless the ransom is paid.