It’s never a good thing when well-organized groups of hackers start working together, but that’s what appears to be happening.
Recently, evidence has emerged that the Black Basta ransomware gang has begun tight-knit cooperation with the infamous QBot malware operation. They share the specific goal of inflicting maximum damage on corporate targets.
While many different groups make use of QBot for initial infection, Black Basta’s use is somewhat different. The group is leveraging it to spread laterally through a network once they have infected it.
The partnership stands to be devastatingly effective. Black Basta’s ransomware paired with QBot’s penchant for stealing banking credentials and injecting additional malicious payloads could easily deliver a one-two punch that would be very difficult for a company to recover from.
The bad news here is that QBot (also known as QakBot) can move quickly once inside a compromised network.
Fortunately, the way Black Basta is leveraging QBot, there is a window of opportunity between the time that QBot is moving laterally and the actual ransomware infection. So diligent IT Security professionals may be able to stop QBot’s spread before the ransomware payload is deployed.
That’s good in theory but the sad truth is that many companies won’t move quickly enough to stop the ransomware attack, which will leave them crippled from that and see their banking credentials compromised to boot.
Exactly how effective this new partnership will be remains to be seen, but both QBot and Black Basta have made names for themselves as fearsome hacking groups. Black Basta has been breaching dozens of networks over the course of their relatively short existence and QBot has made a name for themselves over a much longer period.
In any case, this is a dangerous combination and you will want to be on the alert for both groups and the ransomware they are deploying. The hackers represent genuine threats, whether operating on their own or in tandem.