EXPOSING YOUR RANSOMWARE adversaries

Threat Actor Index: Knowledge is Power

Welcome to the Halcyon Ransomware Threat Actor Index, a comprehensive catalog of the most prominent threat actors and ransomware families, to shed light on the ransomware ecosystem. Discover their techniques, tactics, procedures and targeted industries. Make informed decisions, and stay resilient in the face of ransomware.

THREAT ACTOR:

Black Basta

EMERGENCE DATE:

April 2022

CATEGORiZATION:

Ransomware-as-a-Service

THREAT LEVEL:

OVERVIEW DESCRIPTION:

Black Basta emerged in April 2022 as an advanced Ransomware-as-a-Service (RaaS) operation employing double extortion tactics through file encryption and data exfiltration. Targeting healthcare, finance, and manufacturing sectors, the group executed numerous attacks across North America, Europe, and Australia using a closed affiliate model with stringent operational protocols. February 2025 leaked internal communications revealed the group's sophisticated operational structure, including call centers, victim research capabilities, and connections to disbanded Conti operations.

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Explore Recent Threat Group Activity

View All

Q2-2025

Power Rankings: Ransomware Malicious Quartile Q2-2025

Halcyon Presents Ransomware Power Rankings: The Top Ransomware Groups of Q2-2025

Read Report

Q1-2025

Power Rankings: Ransomware Malicious Quartile Q1-2025

Halcyon Presents Ransomware Power Rankings: The Top Ransomware Groups of Q1-2025

Read Report

Q4-2024

Power Rankings: Ransomware Malicious Quartile Q4-2024

Halcyon Presents Ransomware Power Rankings: The Top Ransomware Groups of Q4-2024

Read Report

Q3-2024

Power Rankings: Ransomware Malicious Quartile Q3-2024

Halcyon Presents Ransomware Power Rankings: The Top Ransomware Groups of Q3-2024

Read Report

Q2-2024

Power Rankings: Ransomware Malicious Quartile Q2-2024

Halcyon Presents Ransomware Power Rankings: The Top Ransomware Groups of Q2-2024

Read Report

Q1-2024

Power Rankings: Ransomware Malicious Quartile Q1-2024

Halcyon Presents Ransomware Power Rankings: The Top Ransomware Groups of Q1-2024

Read Report

Q2-2023

Power Rankings: Ransomware Malicious Quartile Q2-2023

More than 2,300 organizations succumbed to ransomware attacks in just the first half of 2023 according tothe most recent data, with the vast majority carried out by only three ransomware operators: LockBit(35.3%), ALPHV/BlackCat (14.2%), and Cl0p (11.9%). Overall, ransomware attacks were up 74% in Q2-2023 over Q1 volumes.

Read Report

Q3-2023

Power Rankings: Ransomware Malicious Quartile Q3-2023

Ransomware Unabated: Ransomware operators are set to have the second most profitable year according to the Department of Homeland Security’s 2024 Homeland Threat Assessment report. Ransomware poses an existential threat to organizations of all sizes in any vertical. Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars.

Read Report

Q4-2023

Power Rankings: Ransomware Malicious Quartile Q4-2023

Ransomware remains one of the most significant threats to organizations of all sizes in all industry verticals. Following a bit of a lull the previous year, the first half of 2023 saw more victims impacted by ransomware attacks than in all of 2022 as threat actors continue to leverage Ransomware-as-a-Service (RaaS) platforms to execute their attacks.

Read Report

Q1-2023

Power Rankings: Ransomware Malicious Quartile Q1-2023

Over the course of 2022, 85% of companies were the victim of at least one ransomware attack, and 74% had experienced multiple attacks. Ransomware has fast become the greatest risk to organizations today.

Read Report

Top Ransomware Groups

Power Rankings: Ransomware Malicious Quartile

Ransomware attacks continue to be extremely lucrative, with ransom demands and recovery costs bleeding victim organizations for millions of dollars.

View All