Info@NationalCyberSecurity

A Lucrative Scam: Black Basta Ransomware Gang Rakes in $107 Million | #ransomware | #cybercrime


Cybercrime certainly pays: An infamous ransomware group has received at least $107 million in Bitcoin payments since early 2022, researchers say. 

Black Basta, a Russian-speaking ransomware gang, received payments from 90+ victims, according to blockchain tracking firm Elliptic and cybersecurity insurance provider Corvus. 

The findings underscore how paying ransomware gangs can fuel and enrich the hackers behind the attacks. Elliptic says Black Basta’s victims include outsourcing firm Capita, industrial equipment provider ABB, and Dish Network, which has suggested it paid the ransom.  

It has long been known that individual ransom demands from hackers can reach into the millions. But tracking them all, and attributing them to specific gangs, can be difficult. The cybercriminals not only use a different cryptocurrency wallet for each ransom demand, they also attempt to conceal the funds through various laundering services.

However, Elliptic found a way to track all the ransom payments to Black Basta by identifying “unique patterns in the group’s activity, [which] allowed us to identify a large number of Bitcoin ransoms paid to the group, with high confidence,” the company said. 

Figure: Ransom payments received over the past two years to Black Basta (Credit: Elliptic)

“The largest received ransom payment was $9 million, and at least 18 of the ransoms exceeded $1 million,” Elliptic added. “The average ransom payment was $1.2 million.”

Still, the $107 million only captures part of Black Basta’s total earnings. Elliptic and Corvus estimate the gang has attacked 329 organizations globally, most of them based in the US. That said, only about 115 victims likely paid the ransoms. 


Figure: Breakdown of victims (Credit: Elliptic)

Like other ransomware gangs, Black Basta uses a “double extortion” tactic to pressure victims to pay them: First, the group will encrypt entire fleets of computers, shutting them down. At the same time, the gang will also steal sensitive data and threaten to leak it online unless the ransom is paid. 

To attack victims, Black Basta previously used computers already infected with the Qakbot malware to launch their ransomware infections. But in August, the FBI announced it had dismantled the Qakbot infrastructure, which likely dealt a blow to Black Basta’s operations. 
