Joint research by Corvus Insurance and Elliptic has exposed the nefarious exploits of the Russia-linked ransomware gang, Black Basta. Since its emergence in April 2022, this cybercrime syndicate has amassed a colossal $107 million in ransom payments from over 90 victims worldwide. Employing a double-extortion tactic, Black Basta orchestrates attacks where affiliates pilfer sensitive data before unleashing ransomware payloads, encrypting victims’ networks.
Double Extortion Is A Lethal Tactic
Black Basta’s modus operandi involves double extortion, compelling victims to pay ransoms under the threat of exposing stolen data on the gang’s dark web leak site. The Corvus Threat Intel team’s analysis reveals a grim reality: Black Basta’s coffers have swelled with at least $107 million in ransom payments, with individual payments surpassing $9 million. Astonishingly, 18 of these ransoms exceeded the million-dollar mark, and the average ransom payment was $1.2 million.
Global Impact and Modus Operandi
Operating as a Ransomware-as-a-Service entity, Black Basta emerged following the shutdown of the notorious Conti ransomware gang in June 2022. This new cybercrime syndicate swiftly gained notoriety, targeting corporate entities worldwide with a level of sophistication that raised suspicions of ties to Conti or other Russian-speaking cyber threat groups.
Notable high-profile victims in the group’s extensive list include the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, Toronto Public Library, and German defense contractor Rheinmetall. The syndicate has also been linked to the Russian-speaking FIN7 hacking group, adding a layer of complexity to its operations.
Black Basta’s swift rise to infamy is marked by its proficiency in infiltrating and extorting prominent victims, including Capita, a U.K. technology outsourcing firm with substantial government contracts, and ABB, a U.S. government contractor in industrial automation with revenues exceeding $29 billion. The targeted entities, some of which are silent on whether they paid ransoms, underscore the formidable and audacious nature of Black Basta’s cybercriminal empire.