Black Basta Ransomware Group Makes $100m Since 2022 - Infosecurity Magazine
UK/EMEA News Reporter, Infosecurity Magazine

A prolific Russian-speaking ransomware group has made over $100m from dozens of victims since April 2022, new analysis has revealed.

Corvus Insurance used the Elliptic Investigator blockchain forensics tool to lift the lid on the Black Basta group.

The tool helped it to uncover patterns in the group's online activities, which enabled it to trace a large number of Bitcoin ransoms "with a high degree of certainty."

"Our analysis suggests that Black Basta has received at least $107m in ransom payments since early 2022, across more than 90 victims. The largest received ransom payment was $9m, and at least 18 of the ransoms exceeded $1m. The average ransom payment was $1.2m," said Corvus Insurance.

"It should be noted that these figures are a lower bound; there are likely to be other ransom payments made to Black Basta that our analysis is yet to identify, particularly relating to recent victims."

Read more on Black Basta: Black Basta Ransomware Attacks Linked to FIN7 Threat Actor

The analysis uncovered links between Black Basta and both the Conti ransomware group and the Quakbot malware.

It's long been suspected that Black Basta is an offshoot of Conti, a prolific ransomware group which ceased operations at the time Black Basta began. The new analysis from Corvus highlighted significant crossover in targeted sectors, with both focusing their efforts on manufacturing, construction/engineering, wholesale/retail, financial services, and transportation and logistics firms.

It also traced several million dollars' worth of Bitcoin from Conti-linked wallets to wallets associated with Black Basta.

Meanwhile, Quakbot, which infects victim machines through phishing emails, is often used to deploy Black Basta.

"This link between the groups is also visible on the blockchain, with portions of some victims' ransoms sent to Qakbot wallets," Corvus continued.

"These transactions indicate that approximately 10% of the ransom amount was forwarded on to Qakbot, in cases where they were involved in providing access to the victim." Qakbot was disrupted in August 2023 by a multinational law enforcement operation, perhaps explaining a marked reduction in Black Basta attacks in the second half of 2023.