Among the ransomware gangs that are always changing and developing, the most active and reckless groups gain large payments from vulnerable targets but eventually fade out. The Russian-speaking group Black Basta is the latest example of the trend, having stalled in recent months due to law enforcement takedowns and a leak. But after a few quiet weeks, researchers warn that rather than dying and disappearing, the actors tied to Black Basta will reappear in other cybercriminal groups, or have likely already started the cycle again.
Since its appearance in April 2022, Black Basta has generated hundreds of millions of dollars in payments by targeting a series of business victims in health care, critical infrastructure and other sectors. The group uses double extortion to pressure targets into paying a ransom: it takes data and threatens to release it while also encrypting the target's systems to hold them hostage. The US Cybersecurity and Infrastructure Security Agency warned last year that Black Basta had participated in attacks targeting more than 500 organizations in North America, Europe and Australia.
However, a large international law enforcement takedown of the Qakbot botnet in 2023 hindered Black Basta's activities. And this February came a major leak of the group's internal data, including chat logs and information about the group's activities. Since then, the group has been inactive. However, researchers warned that the criminals behind Black Basta have moved on and will almost certainly stage a revival.
Allan Liska, a threat intelligence analyst focusing on ransomware at the security company Recorded Future, said that there is still too much money in it, and that ransomware actors are creatures of habit like anyone.
The leak has revealed details about Black Basta's technical capabilities and malware, internal arguments, and clues about the identities of the actors behind the group, especially its main administrator. The exposed data comes from what can be considered the golden age of Black Basta, September 2023 to September 2024. During this period, the group did not shy away from potentially damaging breaches. For example, a particularly aggressive attack last year on St. Louis caused interruptions in care, including ambulance rerouting.
Black Basta struggled to maintain its momentum, though, after the 2023 takedown of Qakbot in a campaign called Duck Hunt.
It was a big blow for them, and they tried to get back on their feet, use other botnets, work on a custom botnet, but that was not really active, and in the end their infection rate was decreasing, said Yelisey Bohuslavskiy, research director of the threat research company RedSense. They have fewer targets and have less life. They are still dangerous, but it feels like there is a bad decline.
Even in this decline, there is evidence that Black Basta was trying to mount a revival. In addition to exploring new malware, the gang began to focus on compromising targets through persuasive social engineering campaigns, especially spam email and tech support scams. But after the leak, Bohuslavskiy said, the members began to move to other groups and bolster their new gangs.
Like any industry, Russia's cybercrime landscape is full of people who have worked together or competed with each other for many years. Black Basta was able to establish itself very quickly because many of its members had participated in previous cybercriminal operations, including the long-running cybercriminal group Conti. Conti is known for another internal leak: the 2022 incident exposed the group's inner workings and its relationship with the Kremlin. After Conti collapsed, researchers tracked its members as they dispersed and started new hacking groups, including Black Basta.