A new ransomware gang dubbed Black Basta has reportedly partnered with the QBot malware to hack corporate environments. Because QBot has the potential to steal critical information, such as password credentials and malware payloads, on infected devices, Black Basta might have partnered with it to steal information from its victims.
QBot, aka QuakBot, is usually spread by hackers through phishing emails carrying malicious attachments. The malware, which started out as a banking Trojan, is now being used by other ransomware gangs such as Egregor, DoppelPaymer, MegaCortex and ProLock.
The teaming of the malware with the Black Basta ransomware group was discovered by NCC Group, a Manchester-based data assurance firm.
QuakBot, also called Qakbot, is capable of infecting network shared drives and Active Directory accounts through brute force. It can remain concealed in the network by evading many threat detection solutions.
Black Basta ransomware can disable Windows Defender, changes the wallpaper and icon, and leaves all encrypted files with a .basta extension.
Meanwhile, KELA, an Israel-based threat intelligence firm, has discovered a novel method of attack used by ransomware gangs. These days they hide the victim’s name and instead claim to have stolen sensitive files from a business, identifying it only by industry, size and the data stolen.
In other words, they conceal the victim’s name in order to protect the victim’s reputation in the industry, among competitors and among customers.
Wonder how much it helps the victim…?