BlackBasta: a new propagation method
BlackBasta, the notorious ransomware we have written about before, recently received an update. It now has a second optional command-line parameter: “-bomb”.
When that parameter is used, the malware does the following:
- connect to the AD using the LDAP library and obtain a list of machines on the network,
- using the list of machines, copy itself to each machine,
- using the Component Object Model (COM), run remotely on each machine.
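
One way to hunt for this behaviour in endpoint telemetry, as an added example that is not part of the original report: it flags processes started with the `-bomb` argument, and hosts that enumerate AD computers and then copy a file to and remotely execute on several machines. The event schema, host names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry in a hypothetical normalized schema (assumption, not a product format).
EVENTS = [
    {"ts": 50, "type": "remote_file_copy", "host": "admin01", "target": "srv01"},
    {"ts": 90, "type": "proc_create", "host": "ws02", "cmdline": r"C:\Games\g.exe -bomberman"},
    {"ts": 100, "type": "proc_create", "host": "ws01", "cmdline": r"C:\Users\Public\x.exe -bomb"},
    {"ts": 101, "type": "ldap_computer_enum", "host": "ws01"},
    {"ts": 110, "type": "remote_file_copy", "host": "ws01", "target": "srv01"},
    {"ts": 111, "type": "remote_file_copy", "host": "ws01", "target": "srv02"},
    {"ts": 112, "type": "remote_file_copy", "host": "ws01", "target": "srv03"},
    {"ts": 120, "type": "remote_com_exec", "host": "ws01", "target": "srv01"},
    {"ts": 121, "type": "remote_com_exec", "host": "ws01", "target": "srv02"},
    {"ts": 122, "type": "remote_com_exec", "host": "ws01", "target": "srv03"},
    {"ts": 200, "type": "ldap_computer_enum", "host": "ws03"},
    {"ts": 210, "type": "remote_file_copy", "host": "ws03", "target": "srv09"},
    {"ts": 215, "type": "remote_com_exec", "host": "ws03", "target": "srv09"},
]

def find_bomb_launches(events):
    """Return (host, ts) for processes started with the exact argument -bomb."""
    hits = []
    for e in events:
        if e["type"] != "proc_create":
            continue
        # Compare whole tokens so that e.g. "-bomberman" does not match.
        tokens = [t.strip('"').lower() for t in e["cmdline"].split()]
        if "-bomb" in tokens[1:]:
            hits.append((e["host"], e["ts"]))
    return hits

def find_fanout(events, min_targets=3, window=300):
    """Return sources that enumerated AD computers, then copied a file to and
    remotely executed on at least min_targets hosts within window seconds."""
    enum_ts, copied, executed = {}, defaultdict(set), defaultdict(set)
    for e in sorted(events, key=lambda ev: ev["ts"]):
        src = e["host"]
        if e["type"] == "ldap_computer_enum":
            enum_ts[src] = e["ts"]  # window is measured from the latest enumeration
        elif src in enum_ts and e["ts"] - enum_ts[src] <= window:
            if e["type"] == "remote_file_copy":
                copied[src].add(e["target"])
            elif e["type"] == "remote_com_exec" and e["target"] in copied[src]:
                executed[src].add(e["target"])
    return {s: sorted(t) for s, t in executed.items() if len(t) >= min_targets}

if __name__ == "__main__":
    print(find_bomb_launches(EVENTS))
    print(find_fanout(EVENTS))
```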