Black Basta Ransom Proceeds Over Two Years Exceeds $100M


December 5, 2023

World map

Researchers assert that the Black Basta ransomware gang exceeded $107 million in ransom revenue from more than 90 victims in less than two years.

“It should be noted that these figures are a lower bound – there are likely to be other ransom payments made to Black Basta that our analysis is yet to identify – particularly relating to recent victims,” SCMagazine reports the team as stating.

Accurate data is hard to come by when assessing the wider impact of ransomware attacks, as private organizations and individuals are not required to report attacks.

In 2022, the FBI spent seven months observing the infamous Hive ransomware gang after infiltrating their operations. Based on their observations, the agency came to the shocking conclusion that only about 20% of attacks were being reported to law enforcement.

Takeaway:  According to the most recent Power Rankings: Ransomware Malicious Quartile Q3-2023 report, Black Basta quickly became one of the most prolific attack groups in 2023 and was observed leveraging unique TTPs for ingress, lateral movement, data exfiltration data, and deployment of ransomware payloads.

Black Basta continues to evolve their RaaS platform, with ransomware payloads that can infect systems running both Windows and Linux systems. Black Basta is particularly adept at exploiting vulnerabilities in VMware ESXi running on enterprise servers.  

Black Basta ransomware is written in C++ and can target both Windows and Linux systems, encrypts data with ChaCha20, and then the encryption key is encrypted with RSA-4096 for rapid encryption of the targeted network. In some cases,  

Black Basta leverages malware strains like Qakbot and exploits such as PrintNightmare during the infection process. Black Basta also favors abuse of insecure Remote Desktop Protocol (RDP) deployments, one of the leading infection vectors for ransomware.

Black Basta typically targets manufacturing, transportation, construction and related services, telecommunications, the automotive sector, and healthcare providers. Ransom demands vary depending on the targeted organization with reports that they can be as high as $2 million dollars.

Victims of Black Basta attacks include BionPharma, M&M Industries, coca Cola, Yellow Pages Canada, AgCo, Capita, ABB, Merchant Schmidt, Tag Aviation, Blount Fine Foods and more. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.