Independent cybersecurity consultancy and research collective Security Research Labs has released a new free Black Basta ransomware decryption tool, according to BleepingComputer.
The decryptor, dubbed Black Basta Buster, was developed following the discovery of a vulnerability in the ransomware's encryption algorithm that exposed the ChaCha keystream used for XOR encryption of files. Black Basta Buster also includes the "decryptauto.py" script to enable automated key retrieval for file decryption.
"Our analysis suggests that files can be recovered if the plaintext of 64 encrypted bytes is known. Whether a file is fully or partially recoverable depends on the size of the file," said SRLabs researchers, who added that while recovery is impossible for files smaller than 5KB, it is likely for files between 5KB and 1GB and only possible for the first 5KB of those larger than 1GB.
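An added illustration, not code from SRLabs or Black Basta Buster, of why 64 known plaintext bytes are enough once a file has been XORed with an exposed keystream. It assumes the same 64-byte keystream repeats across the encrypted data (an assumption the article does not state) and uses random bytes in place of real ChaCha output; the sample file and all function names are constructed for the example.

```python
import os

BLOCK = 64  # keystream length, matching the article's "64 encrypted bytes"


def xor_with_keystream(data: bytes, keystream: bytes, start: int = 0) -> bytes:
    """XOR data with a keystream that repeats every len(keystream) bytes.

    `start` is the file offset of data[0], so the keystream phase stays aligned.
    """
    n = len(keystream)
    return bytes(b ^ keystream[(start + i) % n] for i, b in enumerate(data))


def recover_keystream(ciphertext: bytes, known_plain: bytes, offset: int) -> bytes:
    """Recover the repeating keystream from BLOCK known plaintext bytes at `offset`."""
    if len(known_plain) != BLOCK:
        raise ValueError("need exactly 64 known plaintext bytes")
    chunk = ciphertext[offset:offset + BLOCK]
    if len(chunk) != BLOCK:
        raise ValueError("known region runs past the end of the ciphertext")
    raw = bytes(c ^ p for c, p in zip(chunk, known_plain))
    # raw[i] equals keystream[(offset + i) % BLOCK]; rotate so index 0 is phase 0.
    shift = offset % BLOCK
    return raw[BLOCK - shift:] + raw[:BLOCK - shift]


def demo():
    # Assumption: random bytes stand in for the exposed ChaCha keystream.
    keystream = os.urandom(BLOCK)
    # Constructed sample file: 24-byte header, 200 zero bytes, then content.
    plaintext = (b"CONSTRUCTED-IMAGE-HEADER" + bytes(200)
                 + b"payroll.xlsx contents " * 10)
    ciphertext = xor_with_keystream(plaintext, keystream)
    # The analyst knows that bytes 100..163 of the original were zero padding.
    recovered = recover_keystream(ciphertext, bytes(BLOCK), offset=100)
    restored = xor_with_keystream(ciphertext, recovered)
    return recovered == keystream, restored == plaintext


if __name__ == "__main__":
    print(demo())
```

The known region here is deliberately not aligned to a 64-byte boundary, which is why the recovered bytes are rotated before being reused.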
Organizations hit by Black Basta between November 2022 and the last week of December could use the decryptor, but recent updates by the ransomware operation have addressed the flaw, making the decryption tool inoperable in newer attacks.