A threat actor is using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a troublesome loader associated with multiple malicious activities, including information theft, keylogging, cryptocurrency miners, and ransomware such as Black Basta. Forty-one percent of the targets of the campaign — which appears to have begun in August — are organizations in the…

The Black Basta ransomware emerged last month to target Windows-based systems only, but now the latest ransomware binary is going after VMware virtual machines (VMs). The latest variant looks to encrypt VMs present inside the volumes folder (/vmfs/volumes) on ESXi-based systems and servers, according to research shared with Dark Reading by Uptycs. It uses the…

The existence of Black Basta came to light in mid-April, but MalwareHunterTeam researchers spotted a sample apparently compiled in February. The cybercriminals behind Black Basta use malware to encrypt files on compromised systems, appending the .basta extension to encrypted files. In addition, like many other ransomware groups, they steal large amounts of information from victims…