ExploitWhispers also shared information about some Black Basta ransomware gang members, including Lapa (one of the operation's admins), Cortes (a threat actor linked to the Qakbot group), YY (Black Basta's main administrator), and Trump (aka GG and AA), the group's boss (Oleg Nefedov). In February 2022, a Ukrainian security researcher also leaked over 170,000 internal chat conversations and the source code for the Conti ransomware encryptor online after the infamous Russian-based Conti cybercrime syndicate sided with Russia following Ukraine's invasion. An unknown leaker has released what they claim to be an archive of internal Matrix chat logs belonging to the Black Basta ransomware operation. The Black Basta Ransomware-as-a-Service (RaaS) operation emerged in April 2022 and has claimed many high-profile victims worldwide, including healthcare companies and government contractors. The leaked archive contains messages exchanged in Black Basta's internal chat rooms between September 18, 2023, and September 28, 2024. Some of their victims include German defense contractor Rheinmetall, Hyundai's European division, BT Group(formerly British Telecom), U.S. healthcare giant Ascension, government contractor ABB, the American Dental Association, U.K. tech outsourcing firm Capita, the Toronto Public Library, and Yellow Pages Canada. While they never shared the reason behind this move, cyber threat intelligence company PRODAFT said today that the leak could directly result from the ransomware gang's alleged attacks targeting Russian banks. According to joint research from Corvus Insurance and Elliptic, the ransomware gang also collected an estimated $100 million in ransom payments from over 90 victims until November 2023. BleepingComputer's analysis of the messages shows they contain a wide range of information, including phishing templates and emails to send them to, cryptocurrency addresses, data drops, victim's credentials, and confirmation of tactics we previously reported on. It's not yet clear if ExploitWhispers is a security researcher who gained access to the gang's internal chat server or a disgruntled member. As CISA and the FBI revealed in a joint report issued last May, Black Basta affiliates breached over 500 organizations between April 2022 and May 2024.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 20 Feb 2025 20:50:22 +0000