Summary

  • The Russian-speaking ransomware group Black Basta is believed to have disbanded after its infrastructure was taken down and its internal data was leaked earlier this year, leaving the group “dormant”.
  • Cybersecurity analysts believe the group’s members will simply regroup and move on to other cybercriminal groups; some claim this has already happened, with Black Basta talent appearing in other groups including BlackSuit, INC, Lynx, Cactus and Nokoyawa.
  • Black Basta was highly active during its 18-month existence, targeting corporations in the healthcare and critical infrastructure sectors and utilising the double extortion method of stealing data and threatening to leak it while also encrypting a target’s systems to demand ransom payments.
  • The group was equally aggressive in its internal operations, openly discussing the prospect of causing harm with breaches and developing tools to automate network infiltration. It was also implicated in attacks on Russian banks, a significant no-no in its home country.

By Lily Hay Newman
