SentinelOne Vs. Black Basta – Prevention and Detection

Watch how SentinelOne prevents and detects Black Basta Ransomware. Black Basta is a relatively new, multi-pronged extortion group, meaning they exfiltrates all desired data prior to encrypting devices. Victims are then extorted into paying the ransom in order to A) prevent leakage and B) decrypt their data. The group hosts a TOR-based blog where they publish victim data.

Upon infection, victims are instructed to visit Black Basta’s ‘support’ portal via TOR. Infected hosts experience altered wallpaper, and very rapid encryption of files. Black Basta will attempt to inhibit system recovery by removing Volume Shadow Copies (vssadmin).

#cybersecurity #blackbasta #ransomware