Detecting Black Basta Ransomware with ExtraHop NDR
Black Basta ransomware reportedly compromised 90 organizations in five months, between April and September 2022, with attacks continuing that fall. The speed with which this ransomware moved, combined with its use of double extortion techniques and ability to turn off endpoint detection and response (EDR) solutions, caught the attention of the entire cybersecurity industry.
Watch this short video with ExtraHop expert Josh Snow as he guides you through a Black Basta ransomware attack, from initial access to how it impairs and turns off defenses. He explains how network detection and response (NDR) from ExtraHop Reveal(x) 360 can detect this attack at a variety of stages, from initial access, to reconnaissance, to command and control (C2) and beyond. Josh shows the tactics and techniques Reveal(x) 360 detects, including network privilege escalation, loading backdoors, C2 shell-based beaconing, unusual schedule task, Active Directory (AD) enumeration with BloodHound, and more.