{"id":279075,"date":"2022-04-29T15:15:51","date_gmt":"2022-04-29T14:15:51","guid":{"rendered":"https:\/\/www.stormshield.com\/?p=279075"},"modified":"2024-02-15T10:47:43","modified_gmt":"2024-02-15T09:47:43","slug":"alerte-securite-black-basta-la-reponse-des-solutions-stormshield","status":"publish","type":"post","link":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/","title":{"rendered":"Alerte s\u00e9curit\u00e9 Black Basta : la r\u00e9ponse des solutions Stormshield"},"content":{"rendered":"<p><strong>Un nouveau groupe de cyber-criminels, Black Basta, fait parler de lui en cette fin avril, en ayant impact\u00e9 d\u00e9j\u00e0 plus de 12 entreprises, dont certaines sur le sol fran\u00e7ais. Le groupe est tr\u00e8s jeune, puisque leur premi\u00e8re cible identifi\u00e9e ne date que de la premi\u00e8re moiti\u00e9 d\u2019avril. Mais au vu de leur palmar\u00e8s, il est tr\u00e8s fort probable que ce soit un groupe \u00e9tabli qui aurait d\u00e9cid\u00e9 de changer de nom. Le point sur le ransomware black basta, avec l\u2019\u00e9quipe Stormshield Customer Security Lab.<\/strong><\/p>\n<p>&nbsp;<\/p>\n<h2>Le contexte de l\u2019attaque Black Basta<\/h2>\n<p>Le 20 avril, la soci\u00e9t\u00e9 d\u2019administration de biens immobiliers Oralia annon\u00e7ait avoir subi une attaque paralysant son parc informatique. Tr\u00e8s rapidement, le piratage est revendiqu\u00e9 via un site vitrine sur le darkweb, appartenant \u00e0 un nouveau groupe de cyber-criminels\u00a0: Black Basta.<\/p>\n<p>Si le vecteur de d\u00e9ploiement est encore ind\u00e9termin\u00e9, le ransomware utilis\u00e9 est relativement classique\u00a0: apr\u00e8s avoir d\u00e9tourn\u00e9 un service l\u00e9gitime de Windows pour s\u2019ex\u00e9cuter en mode sans \u00e9chec, il exfiltre les donn\u00e9es du poste et les chiffre. Il s\u2019assure aussi de supprimer toutes les sauvegardes entrainant la perte des donn\u00e9es des machines impact\u00e9es (serveur ou poste de travail).<\/p>\n<p>&nbsp;<\/p>\n<h2>Les d\u00e9tails techniques du ransomware Black Basta<\/h2>\n<p>\u00c0 ce jour, trois variantes de ce ransomware black basta sont connues :<\/p>\n<ul>\n<li>17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90<\/li>\n<li>7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a<\/li>\n<li>5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa<\/li>\n<\/ul>\n<p>Une inspection montre qu\u2019il n\u2019y a pas de signature associ\u00e9e \u00e0 ces fichiers. Fait int\u00e9ressant\u00a0: un des trois fichiers semble \u00eatre un prototype des deux seconds, avec une note de ran\u00e7on diff\u00e9rente et chiffrant directement les fichiers sans essayer de d\u00e9truire les backups du poste. Il permet m\u00eame l\u2019affichage de logs de d\u00e9bug pour voir le d\u00e9roul\u00e9 de l\u2019ex\u00e9cution du binaire - fait tr\u00e8s rare habituellement qui confirmerait l\u2019hypoth\u00e8se d\u2019un binaire d\u2019essai.<\/p>\n<div id=\"attachment_279076\" style=\"width: 810px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-279076\" class=\"wp-image-279076\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-1-1.png\" alt=\"\" width=\"800\" height=\"418\" srcset=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-1-1.png 975w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-1-1-300x157.png 300w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-1-1-768x401.png 768w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-1-1-700x365.png 700w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><p id=\"caption-attachment-279076\" class=\"wp-caption-text\"><em><small>Illustration 1 : affichage en console du chiffrement des fichiers<\/small><\/em><\/p><\/div>\n<p>Le malware n\u2019a pas \u00e9t\u00e9 retouch\u00e9 post compilation, pour rendre son analyse difficile. En ce sens, il n\u2019est pas compact\u00e9 (pack\u00e9) et les cha\u00eenes de caract\u00e8res apparaissent en clair. Compar\u00e9 aux deux autres samples, il diff\u00e8re en plusieurs points\u00a0:<\/p>\n<ul>\n<li>La mani\u00e8re de chiffrer est diff\u00e9rente\u00a0: il n\u2019y a pas de red\u00e9marrage\u00a0;<\/li>\n<li>La note de ransomware black basta est diff\u00e9rente et bien plus longue ;<\/li>\n<li>L\u2019affichage \u00e0 l\u2019\u00e9cran est diff\u00e9rent\u00a0: aucune image n\u2019est utilis\u00e9e.<\/li>\n<\/ul>\n<p>La note de ran\u00e7on explicite le ransomware chiffr\u00e9 comme \u00e9tant \u00ab no_name_ransomware \u00bb.<\/p>\n<div id=\"attachment_279081\" style=\"width: 810px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-279081\" class=\"wp-image-279081\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-2-1.png\" alt=\"\" width=\"800\" height=\"574\" srcset=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-2-1.png 1023w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-2-1-300x215.png 300w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-2-1-768x551.png 768w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-2-1-700x502.png 700w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><p id=\"caption-attachment-279081\" class=\"wp-caption-text\"><em><small>Illustration 2\u00a0: note de ran\u00e7on quand le prototype chiffre le poste<\/small><\/em><\/p><\/div>\n<p>En mati\u00e8re de fonctionnement, lorsque le malware d\u00e9bute son ex\u00e9cution, il chiffre les ressources du poste en plus de d\u00e9poser la note.<\/p>\n<p>Les diff\u00e9rences avec le prototype s\u2019arr\u00eatent l\u00e0, car contrairement au premier malware, les deux suivants sont bien plus aboutis. Leurs objectifs sont multiples\u00a0: contourner les protections du poste, supprimer les backups et de chiffrer le poste. Ces deux samples sont trait\u00e9s en m\u00eame temps car, bien qu\u2019ils aient un hash diff\u00e9rent, ils r\u00e9alisent sensiblement les m\u00eames actions.<\/p>\n<p>La souche Black Basta r\u00e9alise les actions suivantes\u00a0:<\/p>\n<ol>\n<li>Suppression des backup (Shadow copies) via la commande <strong><em>cmd \/c vssadmin.exe delete shadows \/all \/quiet<\/em><\/strong><\/li>\n<\/ol>\n<ol start=\"2\">\n<li>Inscription dans le gestionnaire de d\u00e9marrage Windows pour d\u00e9marrer en mode sans \u00e9chec avec prise en charge du r\u00e9seau <strong><em>bcdedit \/set safeboot network<\/em><\/strong><\/li>\n<\/ol>\n<ol start=\"3\">\n<li>Expropriation d\u2019un service Windows d\u00e9marr\u00e9 en mode sans \u00e9chec<\/li>\n<\/ol>\n<div id=\"attachment_279086\" style=\"width: 810px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-279086\" class=\"wp-image-279086\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-3-1.png\" alt=\"\" width=\"800\" height=\"602\" srcset=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-3-1.png 795w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-3-1-300x226.png 300w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-3-1-768x578.png 768w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-3-1-700x527.png 700w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><p id=\"caption-attachment-279086\" class=\"wp-caption-text\"><em><small>Illustration 3 : le service de Fax de Windows est redirig\u00e9 pour d\u00e9marrer le malware au d\u00e9marrage du poste<\/small><\/em><\/p><\/div>\n<ol start=\"4\">\n<li>Red\u00e9marrage du poste pour le faire passer en mode sans \u00e9chec <strong><em>shutdown -r -f -t 0<\/em><\/strong><\/li>\n<\/ol>\n<ol start=\"5\">\n<li>Ex\u00e9cution de la charge en mode sans \u00e9chec\n<ul>\n<li>Exfiltration des fichiers<\/li>\n<li>Chiffrement des fichiers, l\u2019algorithme est ChaCha20 avec une extension en \u2018<em>.basta\u2019<\/em><\/li>\n<li>D\u00e9p\u00f4t de la note de ran\u00e7on<\/li>\n<li>Changement du fond d\u2019\u00e9cran du poste.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<p>Il est int\u00e9ressant de noter que malgr\u00e9 le hijacking d\u2019un service d\u00e9marr\u00e9 automatiquement, la charge ne se red\u00e9marrera pas et ne chiffrera pas de nouveau les fichiers car le service de fax est d\u00e9sactiv\u00e9.<\/p>\n<div id=\"attachment_279091\" style=\"width: 810px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-279091\" class=\"wp-image-279091\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-4-1.png\" alt=\"\" width=\"800\" height=\"650\" srcset=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-4-1.png 1015w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-4-1-300x244.png 300w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-4-1-768x624.png 768w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-4-1-700x569.png 700w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><p id=\"caption-attachment-279091\" class=\"wp-caption-text\"><em><small>Illustration 4 : le poste est chiffr\u00e9 et inutilisable<\/small><\/em><\/p><\/div>\n<h3>Les syst\u00e8mes cibl\u00e9s par le ransomware black basta<\/h3>\n<p>Ce malware s\u2019attaque aux syst\u00e8mes Windows XP, Vista, Seven, 10 et 11, \u00e0 la fois 32 bits et 64 bits, quel que soit le langage du syst\u00e8me.<\/p>\n<h3>Les autres informations du ransomware black basta<\/h3>\n<p><strong>Droits administrateurs<\/strong><\/p>\n<p>Ce malware n\u00e9cessite absolument des droits administrateurs afin de pouvoir d\u00e9poser le driver et le charger. Cela n\u2019est pas un probl\u00e8me pour les cyber-criminels, puisque dans le vecteur d\u2019attaque constat\u00e9, le d\u00e9ploiement du malware \u00e9tait fait au travers d\u2019une compromission initiale du parc.<\/p>\n<p><strong>D\u00e9lai d\u2019ex\u00e9cution<\/strong><\/p>\n<p>Le malware effectue ses actions malveillantes tr\u00e8s peu de temps apr\u00e8s avoir d\u00e9marr\u00e9. Ainsi, d\u00e8s que son activit\u00e9 CPU tombe \u00e0 0%, le syst\u00e8me est d\u00e9j\u00e0 corrompu. Les fichiers syst\u00e8mes de Windows sont pr\u00e9serv\u00e9s pour que le syst\u00e8me continue de fonctionner. \u00c0 noter que le malware se termine apr\u00e8s avoir chiffr\u00e9 le reste du syst\u00e8me.<\/p>\n<p><strong>Red\u00e9marrage<\/strong><\/p>\n<p>Le malware demande un red\u00e9marrage imm\u00e9diat en mode sans \u00e9chec de la machine apr\u00e8s s\u2019\u00eatre appropri\u00e9 un service Windows.<\/p>\n<p><strong>Divers<\/strong><\/p>\n<ul>\n<li>Il est demand\u00e9 au service VSS de supprimer tous les backups du poste.<\/li>\n<li>Le malware associe les fichiers d\u2019extension \u2018.basta\u2019 avec une ic\u00f4ne qu\u2019il applique via des modifications registres<\/li>\n<li>Le malware change le fond d\u2019\u00e9cran du poste avec une image qu\u2019il applique via des modifications registres<\/li>\n<\/ul>\n<div id=\"attachment_279096\" style=\"width: 810px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-279096\" class=\"wp-image-279096\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-5-1.png\" alt=\"\" width=\"800\" height=\"603\" srcset=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-5-1.png 1015w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-5-1-300x226.png 300w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-5-1-768x579.png 768w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-5-1-700x528.png 700w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><p id=\"caption-attachment-279096\" class=\"wp-caption-text\"><em><small>Illustration 5\u00a0: les ressources d\u00e9pos\u00e9es par le malware<\/small><\/em><\/p><\/div>\n<h2>Les moyens de protection fournis par Stormshield face au ransomware Black Basta<\/h2>\n<h3>Protection avec Stormshield Network Security<\/h3>\n<p>La solution Breach Fighter, sandboxing SaaS compl\u00e9mentaire de la solution SNS, d\u00e9tecte tous les ransomware de type Black Basta.<\/p>\n<p>Lors du passage d\u2019un fichier sur le flux concern\u00e9, SNS va r\u00e9aliser un hash de celui-ci et contr\u00f4ler son innocuit\u00e9 aupr\u00e8s de Breach Fighter (en cas de fichier inconnu, il sera envoy\u00e9 sur notre environnement de d\u00e9tonation Cloud). Il sera par cons\u00e9quent imm\u00e9diatement bloqu\u00e9.<\/p>\n<p>Pour que cette d\u00e9tection soit efficace, il faut\u00a0:<\/p>\n<ul>\n<li>avoir la license Premium Security Pack et l\u2019option Breach Fighter ;<\/li>\n<li>activer le sandboxing sur l\u2019ensemble des flux transportant des fichiers (SMTP, HTTP, FTP).<\/li>\n<\/ul>\n<table class=\" aligncenter\" width=\"623\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\" width=\"312\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p><em>Indice de confiance de la protection propos\u00e9e par Stormshield<\/em><\/td>\n<td width=\"312\">\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p style=\"text-align: center;\"><em>Indice de confiance de l\u2019absence de faux positif<\/em><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h3>Protection avec Stormshield Endpoint Security Evolution<\/h3>\n<p>Le jeu de r\u00e8gle de protection anti-ransomware pr\u00e9sent par d\u00e9faut dans une installation de SES permet de de bloquer ces souches de malware.<\/p>\n<p>Concr\u00e8tement, le binaire prototype est bloqu\u00e9 par l\u2019heuristique anti-ransomware. La \u00ab\u00a0vraie\u00a0\u00bb souche Black Basta est bloqu\u00e9e par la protection contre la suppression des backups de postes (shadow copies) avant m\u00eame qu\u2019un seul fichier ne soit chiffr\u00e9.<\/p>\n<div id=\"attachment_279101\" style=\"width: 709px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-279101\" class=\"wp-image-279101 size-full\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-6-1-e1651243751550.png\" alt=\"\" width=\"699\" height=\"320\" srcset=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-6-1-e1651243751550.png 699w, https:\/\/www.stormshield.com\/wp-content\/uploads\/capture-6-1-e1651243751550-300x137.png 300w\" sizes=\"auto, (max-width: 699px) 100vw, 699px\" \/><p id=\"caption-attachment-279101\" class=\"wp-caption-text\"><em><small>Illustration 6 : illustration de la r\u00e8gle de blocage<\/small><\/em><\/p><\/div>\n<table class=\" aligncenter\" width=\"623\">\n<tbody>\n<tr>\n<td style=\"text-align: center;\" width=\"312\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-227874\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice.png\" alt=\"\" width=\"135\" height=\"101\" \/><\/p>\n<p><em>Indice de confiance de la protection propos\u00e9e par Stormshield<\/em><\/td>\n<td width=\"312\">\n<p style=\"text-align: center;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-232004\" src=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/indice-2.png\" alt=\"\" width=\"130\" height=\"97\" \/><\/p>\n<p style=\"text-align: center;\"><em>Indice de confiance de l\u2019absence de faux positif<\/em><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>IOC \/ Infos utiles du ransomware Black Basta<\/h2>\n<p>Sha256 :<\/p>\n<ul>\n<li>5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa<\/li>\n<li>7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a<\/li>\n<li>e64a1150535a823aa2d2c4c92ab8a3804703aae7126500fd000a4447233b65fb<\/li>\n<\/ul>\n<p>Portail Breach Fighter :<\/p>\n<ul>\n<li><a href=\"https:\/\/breachfighter.stormshieldcs.eu\/5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa\" target=\"_blank\" rel=\"noopener\">bf.stormshieldcs.eu\/5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa<\/a><\/li>\n<li><a href=\"https:\/\/breachfighter.stormshieldcs.eu\/7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a\" target=\"_blank\" rel=\"noopener\">bf.stormshieldcs.eu\/7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a<\/a><\/li>\n<li><a href=\"https:\/\/breachfighter.stormshieldcs.eu\/e64a1150535a823aa2d2c4c92ab8a3804703aae7126500fd000a4447233b65fb\" target=\"_blank\" rel=\"noopener\">bf.stormshieldcs.eu\/e64a1150535a823aa2d2c4c92ab8a3804703aae7126500fd000a4447233b65fb<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Un nouveau groupe de cyber-criminels, Black Basta, fait parler de lui en cette fin avril, en ayant impact\u00e9 d\u00e9j\u00e0 plus de 12 entreprises, dont certaines sur le sol fran\u00e7ais. Le groupe est tr\u00e8s jeune, puisque leur premi\u00e8re cible identifi\u00e9e ne date que de la premi\u00e8re&#8230;<\/p>\n","protected":false},"author":83,"featured_media":190179,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1503],"tags":[4368],"business_size":[],"industry":[],"help_mefind":[],"features":[],"type_security":[],"maintenance":[],"offer":[],"administration_tools":[],"cloud_offers":[],"listing_product":[1565,1530],"class_list":["post-279075","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-alertes","tag-la-cybersecurite-par-stormshield","listing_product-ses-fr","listing_product-sns-fr"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>BlackBasta : quelles protections avec les produits Stormshield<\/title>\n<meta name=\"description\" content=\"Gang BlackBasta : les protections des solutions Stormshield SNS et SES Evolution face \u00e0 leur ransomware BlackBasta.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BlackBasta : quelles protections avec les produits Stormshield\" \/>\n<meta property=\"og:description\" content=\"Gang BlackBasta : les protections des solutions Stormshield SNS et SES Evolution face \u00e0 leur ransomware BlackBasta.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/\" \/>\n<meta property=\"og:site_name\" content=\"Stormshield\" \/>\n<meta property=\"article:published_time\" content=\"2022-04-29T14:15:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-15T09:47:43+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1422\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Stormshield Customer Security Lab\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@Stormshield\" \/>\n<meta name=\"twitter:site\" content=\"@Stormshield\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Stormshield Customer Security Lab\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/\"},\"author\":{\"name\":\"Stormshield Customer Security Lab\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\"},\"headline\":\"Alerte s\u00e9curit\u00e9 Black Basta : la r\u00e9ponse des solutions Stormshield\",\"datePublished\":\"2022-04-29T14:15:51+00:00\",\"dateModified\":\"2024-02-15T09:47:43+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/\"},\"wordCount\":1413,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\",\"keywords\":[\"La cybers\u00e9curit\u00e9 - par Stormshield\"],\"articleSection\":[\"Alertes\"],\"inLanguage\":\"fr-FR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/\",\"url\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/\",\"name\":\"BlackBasta : quelles protections avec les produits Stormshield\",\"isPartOf\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\",\"datePublished\":\"2022-04-29T14:15:51+00:00\",\"dateModified\":\"2024-02-15T09:47:43+00:00\",\"author\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\"},\"description\":\"Gang BlackBasta : les protections des solutions Stormshield SNS et SES Evolution face \u00e0 leur ransomware BlackBasta.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#primaryimage\",\"url\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\",\"contentUrl\":\"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg\",\"width\":2560,\"height\":1422},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.stormshield.com\/fr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Alerte s\u00e9curit\u00e9 Black Basta : la r\u00e9ponse des solutions Stormshield\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#website\",\"url\":\"https:\/\/www.stormshield.com\/fr\/\",\"name\":\"Stormshield\",\"description\":\"Stormshield\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.stormshield.com\/fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249\",\"name\":\"Stormshield Customer Security Lab\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g\",\"caption\":\"Stormshield Customer Security Lab\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"BlackBasta : quelles protections avec les produits Stormshield","description":"Gang BlackBasta : les protections des solutions Stormshield SNS et SES Evolution face \u00e0 leur ransomware BlackBasta.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/","og_locale":"fr_FR","og_type":"article","og_title":"BlackBasta : quelles protections avec les produits Stormshield","og_description":"Gang BlackBasta : les protections des solutions Stormshield SNS et SES Evolution face \u00e0 leur ransomware BlackBasta.","og_url":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/","og_site_name":"Stormshield","article_published_time":"2022-04-29T14:15:51+00:00","article_modified_time":"2024-02-15T09:47:43+00:00","og_image":[{"width":2560,"height":1422,"url":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","type":"image\/jpeg"}],"author":"Stormshield Customer Security Lab","twitter_card":"summary_large_image","twitter_creator":"@Stormshield","twitter_site":"@Stormshield","twitter_misc":{"\u00c9crit par":"Stormshield Customer Security Lab","Dur\u00e9e de lecture estim\u00e9e":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#article","isPartOf":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/"},"author":{"name":"Stormshield Customer Security Lab","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249"},"headline":"Alerte s\u00e9curit\u00e9 Black Basta : la r\u00e9ponse des solutions Stormshield","datePublished":"2022-04-29T14:15:51+00:00","dateModified":"2024-02-15T09:47:43+00:00","mainEntityOfPage":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/"},"wordCount":1413,"commentCount":0,"image":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","keywords":["La cybers\u00e9curit\u00e9 - par Stormshield"],"articleSection":["Alertes"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/","url":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/","name":"BlackBasta : quelles protections avec les produits Stormshield","isPartOf":{"@id":"https:\/\/www.stormshield.com\/fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#primaryimage"},"image":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#primaryimage"},"thumbnailUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","datePublished":"2022-04-29T14:15:51+00:00","dateModified":"2024-02-15T09:47:43+00:00","author":{"@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249"},"description":"Gang BlackBasta : les protections des solutions Stormshield SNS et SES Evolution face \u00e0 leur ransomware BlackBasta.","breadcrumb":{"@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#primaryimage","url":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","contentUrl":"https:\/\/www.stormshield.com\/wp-content\/uploads\/shutterstock_1534485395-scaled.jpg","width":2560,"height":1422},{"@type":"BreadcrumbList","@id":"https:\/\/www.stormshield.com\/fr\/actus\/alerte-securite-black-basta-la-reponse-des-solutions-stormshield\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.stormshield.com\/fr\/"},{"@type":"ListItem","position":2,"name":"Alerte s\u00e9curit\u00e9 Black Basta : la r\u00e9ponse des solutions Stormshield"}]},{"@type":"WebSite","@id":"https:\/\/www.stormshield.com\/fr\/#website","url":"https:\/\/www.stormshield.com\/fr\/","name":"Stormshield","description":"Stormshield","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.stormshield.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Person","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/a05f467cec789f90c8a355b178743249","name":"Stormshield Customer Security Lab","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.stormshield.com\/fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/46b9416c400398c1a9fc878c7a35bd2ae4f79caeeda138facd5cb65a4ab91c5d?s=96&d=mm&r=g","caption":"Stormshield Customer Security Lab"}}]}},"_links":{"self":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/279075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/users\/83"}],"replies":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/comments?post=279075"}],"version-history":[{"count":10,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/279075\/revisions"}],"predecessor-version":[{"id":493403,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/posts\/279075\/revisions\/493403"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/media\/190179"}],"wp:attachment":[{"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/media?parent=279075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/categories?post=279075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/tags?post=279075"},{"taxonomy":"business_size","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/business_size?post=279075"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/industry?post=279075"},{"taxonomy":"help_mefind","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/help_mefind?post=279075"},{"taxonomy":"features","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/features?post=279075"},{"taxonomy":"type_security","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/type_security?post=279075"},{"taxonomy":"maintenance","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/maintenance?post=279075"},{"taxonomy":"offer","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/offer?post=279075"},{"taxonomy":"administration_tools","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/administration_tools?post=279075"},{"taxonomy":"cloud_offers","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/cloud_offers?post=279075"},{"taxonomy":"listing_product","embeddable":true,"href":"https:\/\/www.stormshield.com\/fr\/wp-json\/wp\/v2\/listing_product?post=279075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}