
Russian Ransom Gang Black Basta Exposed

One of the most active Russian ransomware groups has been effectively exposed by security researchers in recent weeks. They gained access to, and insight into, the systems and processes of the “Black Basta” gang.

Only a few players in the ransomware scene are currently responsible for the really big campaigns. Hive and LockBit are well-known names here, but Black Basta also belongs to this group. Hive recently suffered a major setback when FBI investigators severely curtailed the group’s ability to market its malware to the so-called ransomware-as-a-service (RaaS) industry.

Now Black Basta has been hit as well. Experts from the security company Quadrant Information Security played the main part in this: they caught Black Basta operators in the act of infiltrating a company’s network. In such an attack, whatever data can be found is copied, and the servers in the company network are then encrypted in order to enforce ransom payments.

More than just switching off

The point is not only that victims can obtain the decryption key by paying, because companies in particular often have backups that can be used to repair the worst of the damage. The attackers therefore also blackmail the company with the threat of making its internal data public.

In the most recent case, the attack was not only prevented; the security researchers also penetrated deep into Black Basta’s structures. As a result, the group should essentially no longer be able to keep working on the foundation it has built up over a long time, because every new action carried out with the infrastructure it last used can be observed live and stopped at the right moment. That should be as effective as a complete takeover of the servers used.

The case also gives the security industry the opportunity to examine the inner structures and working methods of the ransomware scene in much more detail than before. Two reports published by Quadrant employees can serve as a starting point. The first report goes into the technical details of the malware and tactics used by Black Basta. The second report focuses on the backend servers and how they are managed.