At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Black Basta Ransomware Decryptor Released to Help Some Victims

    A flaw found by security researchers in the encryption software allows victim organizations to use “Black Basta Buster” to recover some of their data – but there’s a catch.

    We’ve all heard – for as long as ransomware attacks have been happening,  you either need to pay the ransom or recover from backups. But a third option has now sprouted up on GitHub.

    The collection of python scripts, dubbed “Black Basta Buster”, takes advantage of a flow found in versions of Black Basta ransomware from November 2022 through the third week of December 2023.

    According to researchers at SRLabs in a Bleeping Computer article, Black Basta’s encryption has a flaw: “when using a stream cipher to encrypt a file whose bytes contain only zeros, the XOR key itself is written to the file, allowing retrieval of the encryption key.”

    There are a few catches to this decryption capability:

    1. Decryption can only be done a file at a time. You’ll need to create a script to run the decryption against multiple files and/or folders.
    2. Not every file can be decrypted.  Smaller files (less than 5000 bytes) cannot be recovered due to the contents of the file not causing the XOR key to be written to the file). Files between 5000 bytes and 1GB can be recovered.  Files over 1GB can be recovered, but the first 5000 bytes will be lost.

    For those organizations who don’t have the needed backups to recover, this decryptor may save the day. We always recommend having proper backups in place to perform a full disaster recovery, as you won’t know what parts of the environment will be hit.

    Black Basta is well-known for using stolen credentials – usually acquired by initial access brokers via phishing. So, right up there with backups, we recommend putting new-school security awareness training in place to keep phishing attacks from being successful, preventing attackers like Black Basta from even gaining access to the environment in the first place.

    KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Free Ransomware Simulator Tool

    Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

    KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

    Here’s how it works:

    • 100% harmless simulation of real ransomware and cryptomining infections
    • Does not use any of your own files
    • Tests 25 types of infection scenarios
    • Just download the install and run it 
    • Results in a few minutes!
    Get RanSim

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/ransomware-simulator-tool-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top