
A New Ransomware Variant is on the Scene

Black Basta, a relatively new ransomware group, has recently been making headlines for breaching at least twelve companies in a matter of weeks. Little is known about the group or its initial entry points for infection at this stage. But the profit motive was very clear, and the sophistication of the attack would suggest an older group had re-branded. Before we dive deeper into Black Basta’s familiar infection tactics, let’s briefly discuss what ransomware is and how it works.

What is Ransomware

Ransomware is a specific, evolving form of malware designed to encrypt files on a device. This type of malicious software is used to impede access to a system or network, and the attacker threatens to destroy the victim’s data or hold it hostage in exchange for a ransom. Its primary mission is to extort money. If the financial demand is met, the malicious party will provide a decryption key to allow the victim to regain access to the data or system. If the payment is not made, the attacker publishes the data on data leak sites (DLS). Sometimes, even if the victim pays, the attacker doesn’t provide the decryption key, which results in both data and financial loss.

How Ransomware Works

Step 1: Infection

There are several ways that ransomware can get into your computer or system. One of the most common is email phishing. The user receives a message with a malicious attachment or a link that leads to a compromised website. Once the attachment or link is clicked, the ransomware can infect the computer and spread to the entire network.

Step 2: Encryption

In a double extortion attack, the infection steals information first and then encrypts the system, giving encrypted files a .basta extension. A readme.txt file is then left with instructions on paying the ransom.

One of the first tasks of the infection is to remove the antivirus software and attempt to wipe any backups, either local or cloud-based, along with volume shadow copies. A brief analysis by BleepingComputer found that the encryptor first required administrative privileges to begin its attack. Once it had gained them, it hijacked an existing service before rebooting in safe mode with networking to begin the encryption process. The most likely entry point for this attack appears to be an email attachment macro or an infected website, which then runs a Gh0st RAT to propagate and gather the other resources it needs.
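
The behaviours described above (shadow copy deletion, a safe-mode reboot, .basta files and a readme.txt note) are weak signals one at a time but strong when several appear on the same host. The following Python is an added example, not part of the original article, that correlates them per host; the event format, host names, paths and the specific command lines (vssadmin, wmic, bcdedit) are assumptions used to represent those behaviours.

```python
import re
from collections import defaultdict

# Patterns for the behaviours the article describes. The command lines are
# assumed, commonly seen ways to perform them, not details from the article.
PROCESS_RULES = {
    "shadow_copy_wipe": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic\s+shadowcopy\s+delete", re.I),
    "safe_mode_boot": re.compile(
        r"bcdedit(\.exe)?\s+/set\s+(\{\w+\}\s+)?safeboot\s+network", re.I),
}
FILE_RULES = {
    "basta_extension": re.compile(r"\.basta$", re.I),
    "ransom_note": re.compile(r"(^|\\)readme\.txt$", re.I),
}

def classify(event):
    """Return the names of the rules that one log event matches."""
    rules = PROCESS_RULES if event["type"] == "process" else FILE_RULES
    return {name for name, rx in rules.items() if rx.search(event["data"])}

def triage(events, min_behaviours=2):
    """Group hits per host; report hosts showing several distinct behaviours.

    A lone readme.txt or a single vssadmin call is weak evidence, so one
    matching rule is not enough to flag a host by default.
    """
    seen = defaultdict(set)
    for event in events:
        seen[event["host"]] |= classify(event)
    return {h: sorted(b) for h, b in seen.items() if len(b) >= min_behaviours}

# Constructed sample events (hypothetical hosts and paths).
SAMPLE_EVENTS = [
    {"host": "WS-014", "type": "process", "data": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS-014", "type": "process", "data": "bcdedit /set safeboot network"},
    {"host": "WS-014", "type": "file", "data": r"C:\Users\pat\Documents\budget.xlsx.basta"},
    {"host": "WS-014", "type": "file", "data": r"C:\Users\pat\Documents\readme.txt"},
    {"host": "WS-022", "type": "file", "data": r"C:\Projects\tool\readme.txt"},
    {"host": "SRV-03", "type": "process", "data": "vssadmin list shadows"},
]

if __name__ == "__main__":
    for host, behaviours in triage(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {', '.join(behaviours)}")
```
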

Step 3: Ransom Demand

A decryption key is required to unlock the files once the data has been encrypted. In almost every case, the targeted user or system will receive instructions on how to regain access, which detail the payment method, usually Bitcoin.

The Cost of Ransomware on Businesses

While ransomware has been in the headlines for years, the first documented ransomware was the 1989 AIDS Trojan. 20,000 infected diskettes were sent by evolutionary biologist Joseph L. Popp to attendees of the World Health Organization’s international AIDS conference. The ransom was $189, to be sent to PC Cyborg Corp. at a post office box in Panama. What started as a petty crime has now become a global criminal enterprise and a serious concern that disrupts and severely impacts business processes. Ransomware is costly and exposes confidential and valuable information, and it can also halt business operations, which can damage a brand’s reputation and affect customer trust.

Key findings in the ExtraHop Cyber Confidence Index – Asia Pacific Report 2022:

  • 85% of Australian organisations suffered a ransomware incident in the past five years;
  • 72% of organisations keep ransomware attacks as private as possible;
  • 35% of organisations in Australia have paid a ransom.


Ransomware became particularly pronounced in 2021 as attackers focused more on making quick money. Instead of attacking a single individual, attacks primarily hit supply chains, where victims face double extortion ransomware attacks: the attacker demands a ransom and threatens to upload the data online if the ransom is not paid. We may not know the total cost of ransomware attacks in Australia, as some organisations prefer to resolve them privately, but the numbers show that the average ransom among the surveyed Australian organisations that suffered ransomware attacks was $1.25 million. This amount is nothing compared to the Kaseya incident, where hackers demanded $70 million.

Ransomware Prevention and Defense Tips

Ransomware incidents are not slowing down, and the effects on individuals, businesses, and organisations are devastating. Ransomware variants keep multiplying and evolving. Australia Cyber Security recommends you follow these best practices to keep you and your business operations secure:

  1. Turn on automatic updates on your device.
  2. Use strong passwords and passphrases for your accounts.
  3. Set up and perform regular backups.
  4. Turn on two or multi-factor authentication.
  5. Implement access controls by restricting administrator privileges.
  6. Put effective cyber security practices in place.
  7. Enable ransomware protection on your device.
  8. Save or print out the Ransomware Action Checklist and the Cyber Security Emergency Plan.
  9. Know what data is critical to you or your business.
  10. Remain vigilant and stay informed.


But if you’re battling this type of malware or a similar threat, NEVER pay the ransom. Seek professional help. Call the Australian Cyber Security Centre 24/7 Hotline on 1300 CYBER1 (1300 292 371).

Remember, cybersecurity is the responsibility of everyone and “always think before you click.” Protect your business and customers by protecting your network against malicious cyber actors. Find out what our team can do for your business. Contact us today.

