HQ/EMEAFind out how we can help your business
An unknown entity has exposed the alleged Black Basta ransomware gang’s internal Matrix communication operation logs archive.
ExploitWhispers, the leaker who originally uploaded the stolen texts to the MEGA file-sharing network, which has since been removed, has now uploaded them to a dedicated Telegram channel.
Still, it is unclear whether ExploitWhispers is a security researcher who acquired access to the gang’s internal chat server or a dissatisfied member.
While the motive for this decision was never revealed, researchers said today that the disclosure could be directly related to the ransomware gang’s alleged attacks on Russian institutions.
An ongoing surveillance claim that the ransomware group has been entirely dormant since the beginning of the year, possibly due to internal issues.
Further research also suspects that some of its operators defrauded victims by collecting ransom payments without providing working decryptors.
On the other hand, a significant breach revealed the gang’s internal Matrix discussion logs. The leaker said they released the information because the group targeted Russian banks.
The public exposure of the Black Basta ransomware group’s communication log resembled another group’s leak.
According to reports, the stolen and leaked archive owned by the Black Basta ransomware group includes the internal chat channels from September 2023 to September last year.
The assessment of the leaked messages reveals that they contain various information. Some confirmed details included in the leak are phishing templates and email addresses to which they should be sent, bitcoin addresses, data drops, victims’ credentials, and validation of previously reported tactics.
The hacked discussions also include 367 distinct ZoomInfo links. This detail indicates the potential number of organisations targeted during this period.
Ransomware gangs frequently utilise the ZoomInfo website to exchange information about a target firm internally or with victims during negotiations.
Lastly, the leaker also revealed information about some Black Basta ransomware gang members. The verified members include Cortes (a threat actor associated with the Qakbot group), Lapa (one of the operation’s administrators), Trump (aka GG and AA), who is thought to be Oleg Nefedov, the group’s leader, and YY (Black Basta’s main administrator).
