November 29, 2023 at 01:20PM
Since April 2022, Black Basta, a Russia-linked ransomware gang, has obtained over $100 million from double extortion attacks on over 329 entities worldwide. Around 35% of its 90+ victims have paid ransoms, including multi-million dollar settlements. The group may originate from the disbanded Conti gang or have FIN7 ties.
**Meeting Takeaways on Black Basta Ransomware Gang**
1. **Ransom Payments Accumulated:** Black Basta has collected at least $100 million from over 90 victims since April 2022.
2. **Victim Count and Method:** Over 329 global victims have been subjected to double extortion attacks by Black Basta, which involves data theft followed by encryption with ransomware.
3. **Stolen Data Leveraging:** The gang employs stolen data to coerce victims into paying ransoms by threatening to publish it on their dark web leak site.
4. **Ransom Payment Analysis:**
– Largest single ransom recorded: $9 million
– Minimum of 18 ransoms exceeding $1 million
– Average ransom payment: Approx. $1.2 million
– An estimated 35% of Black Basta’s known victims paid a ransom
5. **Ransomware Payment Trends:* Despite a general decline in ransomware payments in 2022, Coveware reports that roughly 41% of ransomware victims end up paying.
6. **Origins and Operations:**
– Black Basta is a Ransomware-as-a-Service (RaaS) operation initiated in April 2022.
– It is speculated to have links to the defunct Conti ransomware gang and the Russian-language FIN7 (Carbanak) group.
7. **Black Basta’s Capabilities:** Noted for its quick inception, targeting at least 20 victims in its initial two weeks, the gang is considered sophisticated and experienced.
8. **Notable Targets:** High-profile entities like the American Dental Association, Sobeys, Knauf, Yellow Pages Canada, Toronto Public Library, Rheinmetall, Capita, and ABB are among those targeted. It is undisclosed if the ransoms were paid by Capita and ABB.
9. **Concerns and Suspicions:** There’s a belief that Black Basta might be a rebrand of Conti, given its sophistication and operational reluctance to recruit via dark web forums.