Black Basta gang receives over $100 million in ransom payments in less than 2 years

    The cybercrime gang Black Basta has reportedly amassed over $107 million in ransom payments since early 2022. Elliptic and Corvus Insurance’s research reveals this staggering figure, highlighting the gang’s successful infiltration of over 329 organizations. Investigators have discovered transaction records on the blockchain linking Black Basta to the infamous Conti ransomware gang, which ceased operations last year after targeting the Costa Rican government.

    Ransom Payments and Laundering Tactics

    On average, organizations paid Black Basta $1.2 million per ransom. At least 18 of these ransoms exceeded $1 million, with the highest reaching $9 million. Although Elliptic and Corvus Insurance identified around 90 victims, they believe this number represents only a portion of the total, as recent victims may have made additional unrecorded payments. A sanctioned Russian cryptocurrency exchange, Garantex, allegedly played a key role in laundering the ransom payments.

    Targeted Sectors and High-Profile Attacks

    Black Basta has shown a particular interest in targeting the construction, law, and real estate sectors. The gang’s high-profile attacks include breaches of Dish Network, the American Dental Association, British company Capita, Swiss tech giant ABB, and German arms manufacturer Rheinmetall. This surge in activity has made Black Basta the fourth most active ransomware strain.

    Malware Analysis and Connections

    Cybersecurity experts have linked Black Basta to the Qakbot malware, which the FBI and international law enforcement disrupted in August. Black Basta used Qakbot in its attack on Capita. Analysis shows that Black Basta often paid a portion of the ransom, about 10%, to Qakbot when it facilitated access to a victim.

    Underestimation of Earnings and Political Links

    The reported figures likely underestimate the group’s total earnings. Ransomware groups often use multiple cryptocurrency wallets to receive payments, and victims usually keep the wallet details confidential. It’s crucial to consider the reported connections between the Conti gang and the Russian government, especially their support for the invasion of Ukraine. This relationship adds a layer of complexity to the already shadowy world of these cyber operations.
