ioc · name

readme.txt

?? · UnknownBlack Bastaconfidence · medium

Black Basta ransom note filename described in AA24-131A; the note omits a payment amount and directs victims to a .onion site (Basta News). Encrypted files receive a .basta or random extension after ChaCha20+RSA-4096 encryption.

family: Black Basta
first seen: May 9, 2024
publisher: CISA

source citation