In a recent development, our iZOOlogic researchers have detected a sudden silence in the online presence of the notorious BlackBasta ransomware group. The abrupt pause in activity came to our attention when our team observed that the group’s website had gone quiet.
Notably, the last recorded activity took place on January 2, when the group targeted and added three companies to its extortion website.
The last three entities added to the group’s victim list are Graebener Bipolar Plate Technologies, NALS Apartment Homes, and Leonard’s Express. It has been almost a week since the website’s last activity, which has raised speculation among relevant parties.
BlackBasta, notorious for its sophisticated ransomware attacks targeting high-profile corporations and organisations, has been a problem for law enforcement agencies worldwide. The sudden disappearance of its online presence has fueled speculation ranging from a coordinated takedown by multiple authorities to internal technical difficulties within the cybercriminal group.
The BlackBasta ransomware group’s website may have suffered the same fate as other cybercriminal domains in the past few months.
One prevailing theory suggests that the BlackBasta ransomware group’s website may have fallen victim to a law enforcement operation targeting the group’s infrastructure. Authorities may have successfully executed a takedown operation, seizing control of the server hosting the BlackBasta website. Such an action is plausible, as international efforts to combat cybercrime have intensified recently.
Still, no law enforcement agency has issued an official statement, so no explanation for the site’s current inactivity has been verified. If a takedown operation had indeed happened, authorities would likely want to publicise their success to discourage other cybercriminals and showcase the effectiveness of their efforts in taking down ransomware threats.
On the other hand, our researchers came to a different conclusion, since they found evidence of the group’s recent activity. They stated that the BlackBasta ransomware website is experiencing technical difficulties, as the group’s negotiation sites are still active.
Furthermore, the group has not yet set up a mirror site as its new extortion website. Cybercriminals commonly stand up new websites once authorities have taken control of or shut down their domains, which has yet to happen with this group.
While the cause behind BlackBasta’s website downtime remains a mystery, one thing is clear: the extortion site is not operating normally.
Our iZOOlogic security analysts and researchers are closely monitoring this developing situation. They are waiting for any signs of resurgence or official confirmation regarding the fate of the notorious ransomware group to reveal more details of this ongoing story.