BlackBasta posted evidence of a recent ransomware attack, whose victim appears to be Sipi Metals Corp, located in the US. This is a high-profile corporation working in the refining and recycling field with over 100 years of experience and global reach.
The ransomware group is notorious for its aggressive negotiation tactics and subtle infiltration MO. Unlike other ransomware organizations, BlackBasta prefers surgical operations rather than spray-and-pray tactics. This means it plans its hits carefully.
This approach leads BlackBasta to target high-profile public institutions and corporations, looking to maximize its gains and get access to sensitive data. The more sensitive the data is, the higher the potential ransom.
The likelihood of the victims paying the ransom is also higher when there’s more at stake than they can afford to lose. This fact alone makes BlackBasta more feared than other ransomware actors, especially since the organization is also highly resourceful.
BlackBasta uses the double-extortion MO, which tends to have the most powerful coercive factor. This method involves penetrating the victim’s defenses, cloning and downloading the target data, and encrypting it on the original system.
This forces the victim into a two-option scenario: pay the ransom, or have the data leak all over the Dark Web. The encryption itself isn’t necessarily the end of the road, because there are ways around it. It may cost time and money and cause financial losses, but it can be done.
But sensitive data leaking on the Dark Web can cause irreparable damage, both financial and in terms of reputation, which is why many victims prefer to pay the ransom and be done with it.
The problem is that this doesn’t guarantee that the attackers will delete the data in their possession, or that they will provide the decryption key. Furthermore, specialists warn that paying the ransom only incentivizes cyber-criminals to continue their activity.
BlackBasta currently ranks as the ransomware actor with the most potential on the market. This is thanks to its ability to innovate its systems and because the organization itself is the successor of Conti, the most dangerous cybercriminal actor to date.