
Black Basta

Name: Black Basta

Category: Malware

Type: Ransomware

Targeted OS: Windows & Linux

Description:

Black Basta (AKA BlackBasta) is a ransomware operator and Ransomware-as-a-Service (RaaS) criminal enterprise that first emerged in early 2022 and immediately became one of the most active RaaS threat actors in the world, racking up 19 prominent enterprise victims and more than 100 confirmed victims in its first few months of operation. Black Basta targets organizations in the US, Japan, Canada, the United Kingdom, Australia, and New Zealand in highly targeted attacks rather than employing a spray-and-pray approach. The group uses double extortion, encrypting its victims' critical data and vital servers and threatening to publish sensitive data on the group's public leak site.

Black Basta's core membership is thought to have spawned from the defunct Conti threat actor group due to similarities in their approach to malware development, leak sites, and communications for negotiation, payment, and data recovery. Black Basta has also been linked to the FIN7 (AKA Carbanak) threat actor through similarities in their custom Endpoint Detection and Response (EDR) evasion modules and overlapping use of IP addresses for command and control (C2) operations.

Information: https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/black-basta

NIL

Malpedia

Alienvault OTX

Playbook

NIL

CISA

Other Information

Mitre

Mitre Techniques

Mitre Techniques  Navigator Link

NIL

NIL

['T1059', 'T1543', 'T1486', 'T1622', 'T1491', 'T1083', 'T1222', 'T1562', 'T1490', 'T1036', 'T1112', 'T1106', 'T1027', 'T1018', 'T1553', 'T1082', 'T1007', 'T1204', 'T1497', 'T1047']
