Ransomware group ‘Black Basta’ has raked in over $100M – researchers


WASHINGTON — A cyber extortion gang suspected of being an offshoot of the notorious Russian Conti group of hackers has raked in more than $100 million since it emerged last year, researchers said in a report published Wednesday.

Digital currency tracking service Elliptic and Corvus Insurance in a joint report said the ransom-seeking cybercrime group known as “Black Basta” has extorted at least $107 million in bitcoin, with much of the laundered ransom payments making their way to the sanctioned Russian cryptocurrency exchange Garantex.

An attempt to reach Black Basta via its dark website was not successful. A spokeswoman for Garantex, which was sanctioned by the US Treasury in April last year, said the company welcomed initiatives “to fight cybercrime around the world” and encouraged Elliptic and others to share information about the hackers’ finances, saying suspicious funds would be blocked.

Elliptic co-founder Tom Robinson said the massive haul made Black Basta “one of the most profitable ransomware strains of all time.” He said the researchers came up with the figure by identifying known ransom payments tied to the group and tracing how the digital currency was laundered, which revealed additional payments.

Robert McArdle, a cybercrime expert with security firm Trend Micro who was not involved in the report, said the Black Basta figure was “certainly in a believable range for their operations.”

The Elliptic-Corvus report said it had also uncovered evidence tying Black Basta to the defunct Russian group “Conti.”

Conti used to be among the top ransomware gangs – operators that shook down victims either by encrypting their data and demanding money to unscramble it, by threatening to publish stolen information to the web, or both.

The Russia-based group dismantled its leak site after the Kremlin’s full-scale invasion of Ukraine in early 2022 and the posting of US bounties on its leadership that year, but researchers have long suspected that the group merely reorganized and rebranded.

“Conti was perhaps the most successful ransomware gang we’ve seen,” Robinson said. The latest findings suggest that “some of the individuals responsible are replicating its success with the Black Basta ransomware,” he added.
