Multiple new ransomware strains have popped up lately, demanding large ransoms and threatening users with data encryption and leaks. Two of the newest operations are identified as Black Basta and Onyx.

Black Basta ransomware

Black Basta—spotted in the second week of April—has quickly spread worldwide and already breached at least 12 firms.
  • The ransomware steals corporate data and documents before encrypting a device.
  • After infection, it will add the .basta extension to the encrypted or locked file's name.
  • The ransom demands vary among victims, one victim received a whopping $2 million demand.
  • The most recent victim includes Deutsche Windtechnik, which suffered a cyberattack on April 11. Recently, the group’s data leak site started leaking data from the American Dental Association.

Onyx ransomware

Onyx has been wreaking havoc by destroying large files instead of locking them and preventing decryption even if the ransom is paid.
  • The group steals data from a network before encrypting devices. After that, the data is used for double extortion where they threaten to leak the data if a ransom is not paid.
  • The ransomware group has six victims listed on its data leak page. 
  • The technical functionality of this ransomware is not known and explained yet, however, it is thought to encrypt files smaller than 200MB. 
  • For files larger than 200MB, it will overwrite the headers with random data, without any backup or copy. Once overwritten, there is no way to decrypt larger files.


The threat landscape keeps growing with new ransomware targeting people or organizations worldwide. Thus, experts suggest investing in robust anti-ransomware solutions and taking backup. Further, deploy network firewalls and configure proper access controls.

Cyware Publisher