Imagine getting a message on Microsoft Teams:
“Hi, this is IT support – we noticed some suspicious activity in your inbox.”

What sounds like help is actually the start of a targeted ransomware attack. Black Basta now impersonates internal IT staff via Teams to trick employees into installing remote access tools like AnyDesk or Quick Assist — gaining a foothold into enterprise networks.

In this session, we walk through the anatomy of this attack: from initial access and user manipulation to full-blown ransomware deployment. We’ll close with lessons from leaked internal chat logs of Black Basta operators — offering rare insights into their mindset, structure, and how they run their extortion business. At the end I'll provide some good lessons learned, that you can prepare your organization with.

You will learn:

• How BlackBasta breached many companies
• Quick fixes to prevent these attacks
• A look beyond the horizon at other sophisticated attack methods of our time