After flaw discovered, decryptor released to counter Black Basta

Everyone makes mistakes, including the cybercriminals behind the Black Basta ransomware. A decryptor has just been made available to the public by the Berlin-based security research firm Security Research Labs. The decryptor is hosted on GitHub, and its release was spotted by Bleeping Computer at the end of the year.

Black Basta ransomware was notably used in France against the luxury crystal maker Baccarat, targeted by cybercriminals last fall. The gang also attacked, not far from France, the Swiss technology group ABB, one of the world’s automation specialists.

Weakness identified

The release of a decryptor is sometimes a sign of progress in police investigations, a link we have seen, for example, with LockerGoga or PyLocky. That is clearly not the case for Black Basta, whose decryptor was not yet, at the beginning of January, listed on the anti-ransomware platform No More Ransom.

On GitHub, the Security Research Labs experts explain that they simply identified a weakness in the encryption algorithm used by the Black Basta cybercriminals, who have been active since spring 2022. When a file consisting only of zero bytes was encrypted, the resulting output exposed the decryption key in plain text.
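To illustrate why an all-zero file can expose key material, here is a constructed toy model of the weakness described above (added here, not Security Research Labs' decryptor or Black Basta's code): a stream-cipher-style XOR in which one keystream is applied to every file, so the ciphertext of a zero file is the keystream itself. The block also shows, as an assumption about why the gang's update closed the hole, that a fresh keystream per file stops the recovered keystream from decrypting anything else.

```python
import os

# Constructed toy model, not Black Basta's real cipher: a single keystream of
# BLOCK bytes (assumed size) is XORed over every file on the victim host.
BLOCK = 64


def xor_with_keystream(data: bytes, keystream: bytes) -> bytes:
    """XOR each byte with the keystream, repeating it if the data is longer.
    XOR is its own inverse, so this both encrypts and decrypts."""
    return bytes(b ^ keystream[i % len(keystream)] for i, b in enumerate(data))


def recover_keystream(ciphertext_of_zero_file: bytes, length: int = BLOCK) -> bytes:
    """A file of all-zero bytes encrypts to 0x00 ^ k == k, so its ciphertext
    simply IS the keystream: the 'key in plain text' the researchers describe."""
    return ciphertext_of_zero_file[:length]


def decrypt_other_file(ciphertext: bytes, recovered: bytes) -> bytes:
    """Reuse the keystream taken from the zero file to decrypt a different file."""
    return xor_with_keystream(ciphertext, recovered)


def demo_shared_keystream() -> tuple[bytes, bytes]:
    """Vulnerable scheme: one keystream for every file on the host."""
    keystream = os.urandom(BLOCK)
    zero_file = bytes(BLOCK)  # constructed sample: e.g. a zero-padded or sparse file
    document = b"Quarterly figures: revenue up 12%, margin stable."  # constructed sample
    ct_zero = xor_with_keystream(zero_file, keystream)
    ct_doc = xor_with_keystream(document, keystream)
    # The victim never needs the gang's key: the zero file hands over the keystream.
    recovered = recover_keystream(ct_zero)
    return document, decrypt_other_file(ct_doc, recovered)


def demo_per_file_keystream() -> tuple[bytes, bytes]:
    """Patched scheme (assumed fix): a fresh keystream per file. The zero file still
    reveals its own keystream, but that keystream decrypts nothing else."""
    zero_file = bytes(BLOCK)
    document = b"Quarterly figures: revenue up 12%, margin stable."
    ct_zero = xor_with_keystream(zero_file, os.urandom(BLOCK))
    ct_doc = xor_with_keystream(document, os.urandom(BLOCK))
    recovered = recover_keystream(ct_zero)
    return document, decrypt_other_file(ct_doc, recovered)


if __name__ == "__main__":
    plain, got = demo_shared_keystream()
    print("shared keystream: document recovered ->", got == plain)
    plain, got = demo_per_file_keystream()
    print("per-file keystream: document recovered ->", got == plain)
```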

Updated Malware

According to Bleeping Computer, this flaw had already been identified by incident response companies. It allowed them to quietly decrypt the systems of customers who had fallen victim to the gang's extortion.

However, this period is over. The Black Basta cybercriminals also identified the problem and updated their malware. It’s unclear whether they realized this when the Security Research Labs decryptor was released or whether they had already spotted the problem.

Black Basta is one of the cybercriminal groups, alongside Silent Ransom Group, Royal, Zeon, and Diavol, that experts place in the Conti lineage. That franchise, active since the start of 2020, came apart after siding with Russia in its invasion of Ukraine. The stance resulted in a major data leak, forcing the criminal organization to shut down its public site in June 2022.
