diff --git a/modules/signatures/windows/ransomware_fileextensions.py b/modules/signatures/windows/ransomware_fileextensions.py
index 71b2674a..7698b056 100644
--- a/modules/signatures/windows/ransomware_fileextensions.py
+++ b/modules/signatures/windows/ransomware_fileextensions.py
@@ -133,6 +133,7 @@ def run(self):
             (".*\.__NIST_[A-Z0-9]{4}__$", ["Babuk"]),
             (".*\.phoenix$", ["PhoenixCryptoLocker"]),
             (".*\.blackbyte$", ["BlackByte"]),
+            (".*\.basta$", ["BlackBasta"]),
         ]
 
         for indicator in indicators: