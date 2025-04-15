Ransomware, Patch/Configuration Management, Threat Intelligence
Black Basta chat leaks reveal details on ransomware infrastructure
Leaked chat logs and forum posts from the Black Basta malware group in March have provided security vendors with key insights into the technical infrastructure and techniques employed by the notorious cybercrime gang.

In its latest quarterly threat report, security vendor ReliaQuest provided a deep look into the inner workings of the malware operation, including the techniques, tools and tricks it uses for its ransomware attacks.

The report detailed not only the initial access vectors for the group's network intrusions, but also the privilege escalation and persistence tools, exfiltration and extortion methods, and ransomware deployment tools. In each category, multiple tools and methods were employed, suggesting that the crew had more than one option at its disposal at each step of the intrusion, exfiltration and cash-out process.

The ReliaQuest team told SC Media that while the investigation didn't uncover any new or particularly unknown finds, it provided them with a far more detailed and extensive overview of how Black Basta operates.

It also provided a possible clue as to how the leak of the logs might have come about and what the group knew ahead of time.

"The most interesting piece is that the attacks dropped off completely just before the chat log leak," the researchers explained, "suggesting possible fragmentation within the group or a temporary pause while they reestablish trust and prepare to reconduct operations."

The Black Basta investigation was one of a number of findings the security vendor listed in its quarterly report on the state of ransomware attacks over the first quarter of the calendar year.
