
A significant leak has revealed internal communications from the Black Basta ransomware group, exposing their operations and tactics.
Details of the Leak
An anonymous source has released what they claim to be internal chat logs of the Black Basta ransomware group. Initially shared on the MEGA platform, the logs have now been moved to a dedicated Telegram channel.
The identity of the leaker, known as ExploitWhispers, remains uncertain. It is unclear whether they are a cybersecurity expert who infiltrated the gang's chat system or a discontented insider.
Possible Motives Behind the Leak
The reason for this disclosure is not officially confirmed. However, cybersecurity firm PRODAFT suggests it might be linked to Black Basta's alleged attacks on Russian financial institutions.
PRODAFT's analysis indicates that internal disputes have caused a lull in Black Basta's activities. Some members reportedly scammed victims by taking ransom payments without delivering decryptors.
Contents of the Leaked Chats
The leaked archive includes messages from Black Basta's internal communications spanning September 2023 to September 2024. These messages reveal operational details, including:
- Phishing templates and targeted email lists
- Cryptocurrency addresses for ransom payments
- Details of data breaches and victim credentials
- 367 ZoomInfo links indicating targeted companies
The chats also identify key members of the group, such as Lapa, Cortes, YY, and Trump, the last being the group's leader, Oleg Nefedov.
Background on Black Basta
Black Basta is a Ransomware-as-a-Service (RaaS) operation that surfaced in April 2022. It has targeted numerous high-profile organizations, including defense contractors, healthcare providers, and government entities.
Notable victims include Rheinmetall, Hyundai Europe, BT Group, Ascension, ABB, the American Dental Association, Capita, the Toronto Public Library, and Yellow Pages Canada.
According to a joint report by CISA and the FBI, Black Basta affiliates compromised over 500 organizations between April 2022 and May 2024. Research from Corvus Insurance and Elliptic estimates the group collected around $100 million in ransom from over 90 victims by November 2023.