Ransomware - Black Basta v2

Black Basta v2
Decryptor Available
Yes
Description

For more information, please see the entry on Black Basta.

As the name suggests, Black Basta v2 is the second iteration of the Black Basta ransomware. It appeared sometime in November 2022. It could be argued that it is the third or fourth iteration, considering that the first known samples were titled "no_name_software" and, based on compilation times and debugging behaviors upon execution, were the first samples created by the group. The group also made a Linux encryptor for VMware ESXi servers; we found a handful of these and listed them among the samples in the Black Basta entry. The Black Basta v2 ransomware targets Windows systems and differs from its predecessor in a few ways.

The most obvious difference is the name of the ransom note. Instead of "readme.txt," the group changed the ransom note name to "instructions_read_me.txt." They also changed the file encryption scheme. Initially, it was a combination of ChaCha20 and RSA-4096. This time, it uses a different combination: XChaCha20 and the NIST P-521 elliptic curve, respectively. Another technical difference is the file extension used. Black Basta used the stereotypical self-named file extension on encrypted files, ".basta." Now, the file extension is a random 9-character alphanumeric sequence.

Otherwise, most details of Black Basta v2 are similar to Black Basta, including the same extortion page, the Ransomware-as-a-Service approach, and the use of threat actors such as QBot to begin breaches. However, the authors implemented increased command-line flexibility, including variability in the number of threads used, mutex creation, and path specification.
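As an added example (not part of the original entry or of any vendor tooling), the two file-system indicators described above, the ransom note name and the 9-character alphanumeric extension, can be combined into a simple triage check over a file listing. The sample paths, the `min_files` threshold and the allowlist of benign extensions are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

NOTE_NAME = "instructions_read_me.txt"      # ransom note name given in this entry
EXT_RE = re.compile(r"\.[A-Za-z0-9]{9}")    # <file name>.<9 random alphanumeric characters>
KNOWN_9_CHAR_EXTS = {".xcodeproj"}          # assumed allowlist of benign 9-character extensions

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\alice\Documents\instructions_read_me.txt",
    r"C:\Users\alice\Documents\budget.xlsx.k3x9qp2ma",
    r"C:\Users\alice\Documents\notes.docx.k3x9qp2ma",
    r"C:\Users\alice\Documents\photo.jpg.k3x9qp2ma",
    r"C:\Projects\app\App.xcodeproj",        # benign 9-character extension
    r"C:\Projects\app\main.c",
    r"C:\Temp\instructions_read_me.txt",     # note alone: not enough evidence
    r"C:\Temp\setup.log",
    r"C:\Share\a.bin.Zz81kQm4T",             # extension alone, no note
]


def triage(paths, min_files=3):
    """Return {directory: Counter(extension -> count)} for directories that hold
    the ransom note AND at least min_files files with a 9-character extension.

    The entry does not say whether the extension is shared by all files of one
    victim, so counts are kept per extension and summed per directory.
    """
    notes = set()
    exts = defaultdict(Counter)
    for raw in paths:
        p = PureWindowsPath(raw)             # parses Windows paths on any OS
        folder = str(p.parent)
        if p.name.lower() == NOTE_NAME:      # Windows file names are case-insensitive
            notes.add(folder)
        elif EXT_RE.fullmatch(p.suffix) and p.suffix.lower() not in KNOWN_9_CHAR_EXTS:
            exts[folder][p.suffix] += 1
    return {d: c for d, c in exts.items()
            if d in notes and sum(c.values()) >= min_files}


if __name__ == "__main__":
    for folder, counts in triage(SAMPLE).items():
        print(folder, dict(counts))
```

Requiring both indicators in the same directory keeps a stray 9-character extension or an unrelated text file from raising a hit on its own.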

Ransomware Type
Crypto-Ransomware
HumOR
RaaS
Country of Origin
Russia
First Seen
Lineage
Threat Actors
Media type    Actor
Cybergroup    Wizard Spider
Cybergroup    Carbon Spider
Cybergroup    Storm-0506
Affiliate     GOLD CABIN
Affiliate     GOLD LAGOON
Extortion Types
Direct Extortion
Double Extortion
Give Mercy
Communication
Medium    Identifier
TOR       TOR
Encryption
Type
Hybrid
Files
XChaCha20
Key
NIST P-521
File Extension
<file name>.<9 random alphanumeric characters>
Ransom Note Name
instructions_read_me.txt