Black Basta Ransomware

Black Basta ransomware encrypts user data using a combination of the AES and RSA algorithms, then demands that victims contact the operators via their Tor site for ransom negotiations. The operators have claimed responsibility for the attack on the American Dental Association (ADA) and have released 2.8 GB of stolen data so far.

Upon execution, it:
  • Replaces the desktop wallpaper image with the text "Your network is encrypted and you need to read the readme.txt file".
  • Reboots the computer using the shutdown command with the arguments shutdown -r -f -t 0.
  • Boots the system into Safe Mode, and encrypted files receive a special icon.
  • Deletes shadow copies of files and disables the Windows repair functions at the boot stage.
  • Changes the appearance of encrypted files using its own .ico file.
  • Appends the extension .basta to encrypted files. The ransom.

Black Basta Ransom Note

Black Basta Ransomware Signatures

Family: Ransom:Win32/BastaCrypt.PA!MTB
MD5: 3f400f30415941348af21d515a2fc6a3
SHA256: 5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa
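
The behaviours and the SHA256 listed above can be turned into a simple host triage check. The following is an added example, not code from the original page or from any vendor; the event schema, the threshold and the vssadmin/wmic/bcdedit patterns are assumptions, and the sample events are constructed.

```python
import re

# SHA256 from the Signatures section of this page.
KNOWN_SHA256 = {"5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa"}
# Only the shutdown arguments are quoted on the page; the vssadmin/wmic/bcdedit
# patterns are assumptions about how the described steps are usually carried out.
CMD_RULES = {
    "forced_reboot": re.compile(
        r"\bshutdown(\.exe)?\b(?=.*[-/]r\b)(?=.*[-/]f\b)(?=.*[-/]t\s*0\b)", re.I),
    "shadow_copy_deletion": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b|\bwmic\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "boot_config_tampering": re.compile(
        r"\bbcdedit(\.exe)?\b.*\b(safeboot|recoveryenabled\s+no)\b", re.I),
}
BASTA_THRESHOLD = 3  # assumed cut-off: fewer .basta writes are treated as noise

def triage(events):
    """Return sorted behaviour names matched in a host's event list."""
    hits, basta_writes, note_seen = set(), 0, False
    for ev in events:
        if ev["type"] == "process":
            if ev.get("sha256", "").lower() in KNOWN_SHA256:
                hits.add("known_sample_hash")
            hits.update(n for n, rx in CMD_RULES.items() if rx.search(ev.get("cmdline", "")))
        elif ev["type"] == "file":
            name = ev["path"].lower()
            basta_writes += name.endswith(".basta")
            note_seen |= name.endswith("\\readme.txt")
    if basta_writes >= BASTA_THRESHOLD:
        hits.add("mass_basta_rename")
        if note_seen:  # readme.txt alone is too common to alert on
            hits.add("ransom_note_dropped")
    return sorted(hits)

# Constructed sample telemetry (hypothetical schema), not taken from a real incident.
INFECTED = [
    {"type": "process", "cmdline": r"C:\Users\a\x.exe", "sha256": next(iter(KNOWN_SHA256)).upper()},
    {"type": "process", "cmdline": r"vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "cmdline": r"bcdedit /set safeboot network"},
    {"type": "process", "cmdline": r"shutdown -r -f -t 0"},
    {"type": "file", "path": r"C:\Users\a\Desktop\readme.txt"},
] + [{"type": "file", "path": rf"C:\Users\a\Docs\f{i}.docx.basta"} for i in range(5)]
BENIGN = [
    {"type": "process", "cmdline": r"shutdown.exe /r /t 0"},  # reboot without force
    {"type": "process", "cmdline": r"vssadmin list shadows"},
    {"type": "file", "path": r"C:\src\project\readme.txt"},
    {"type": "file", "path": r"C:\tmp\one.basta"},
]

if __name__ == "__main__":
    print("infected:", triage(INFECTED))
    print("benign:  ", triage(BENIGN))
```

The benign set shows why the note file and a single .basta file are not scored on their own: the hits only count when they appear together with a burst of renamed files.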
