Black Basta Ransomware Teams Up with Malware Stalwart Qbot

The novel cybercriminal group tapped the ever-evolving info-stealing trojan to move laterally on a network in a recent attack, researchers have found.

A newcomer on the ransomware scene has coopted a 14-year-old malware variant to help it maintain persistence on a targeted network in a recent attack, researchers have found.

Black Basta, a ransomware group that emerged in April, leveraged Qbot, (a.k.a. Quakbot), to move laterally on a compromised network, researchers from security consulting firm NCC Group wrote in a blog post published this week. Researchers also observed in detail how Black Basta operates.

“Qakbot was the primary method utilized by the threat actor to maintain their presence on the network,” NCC Group’s Ross Inman and Peter Gurney wrote in the post.

Qbot emerged in 2008 as a Windows-based info-stealing trojan capable of keylogging, exfiltrating cookies, and lifting online banking details and other credentials. Since then it has stood the test of time through constant evolution, morphing into sophisticated malware with clever detection-evasion and context-aware delivery tactics, as well as phishing capabilities that include e-mail hijacking, among others.

Black Basta is, in contrast, a relative baby when it comes to cyber-criminality. The first reports

Read More: https://threatpost.com/black-basta-ransomware-qbot/179909/