
Cybercrime, Black Basta ransomware could be linked to Conti

Black Basta ransomware could be linked to Conti. Cybersecurity researcher MalwareHunterTeam: similarities in the leak and payment pages, and in operator behavior. Minerva: the malware maintains persistence via the Windows Fax System.

It’s called Black Basta, and it’s a new ransomware in circulation that has already targeted a dozen companies since April. Minerva’s cybersecurity experts report this after carrying out a technical analysis of the malware, which found that it requires administrator privileges in order to function. Furthermore, it abuses the Windows Fax System to maintain persistence on infected machines. MalwareHunterTeam, who detected the first samples as early as last February, also believes that Black Basta is connected to Conti, the pro-Russia group that has remained very active even after the invasion of Ukraine. In particular, there are similarities between the sites where data leaks are published, the payment sites, and the way the members of the group converse with victims and behave.
