KELA REPORT
Unveiling Black Basta’s Use of PhaaS Platforms
How Top-Tier Ransomware Relies on External Phishing Services.
A new investigation by KELA reveals how ransomware operators like Black Basta rely on professionalized Phishing-as-a-Service (PhaaS) offerings to scale their initial access operations. Based on leaked internal chats, the report exposes how these underground services play a critical role in the broader cybercrime ecosystem.
This report is for CISOs, threat intel analysts, SOC teams, and incident responders focused on ransomware defense and early access detection.
In this report, you’ll learn:
- How demand for PhaaS has surged 650% since early 2023
- Which phishing tools and vendors Black Basta uses, including EvilVNC, kalashnikov, and verb0
- Intelligence and indicators for detecting access sold through phishing services
- Strategic recommendations for threat intelligence and security teams
Download the Report
Inside the Infostealer Epidemic – Webinar
Join Lin Levi, Threat Intelligence Analyst at KELA, as she analyzes the rise of infostealers and their critical role in driving credential-based attacks, including ransomware, business email compromise (BEC), and identity fraud.
KELA Ransomware Protection Suite
KELA delivers a comprehensive, intelligence-driven defense, designed to neutralize ransomware threats before they can impact your business.
Inside the Black Basta Leak: How Ransomware Operators Gain Access
In this report – understand how attackers operate and how you can strengthen your defenses.