The Russian-linked Black Basta ransomware gang has collected at least $100 million in ransom payments from more than 90 victims since it emerged in April 2022, according to joint research by Corvus Insurance and Elliptic.
More than 329 victims worldwide have been targeted by the cybercrime group in double extortion attacks, in which the gang’s affiliates steal sensitive data from compromised systems before deploying ransomware payloads on targets’ networks to encrypt the systems.
The stolen data is used to pressure victims into paying ransoms under the threat of publishing it on the Black Basta dark web leak site.
“Our analysis suggests that Black Basta has received at least $107 million in ransom payments since the beginning of 2022, across more than 90 victims. The largest ransom payment received was $9 million, and at least 18 of the ransoms exceeded $1 million. The average ransom payment was $1.2 million,” said the Corvus Threat Intel team.
“Based on the number of known victims listed on the Black Basta leak site through the third quarter of this year, our data indicates that at least 35% of known Black Basta victims have paid a ransom.”
This is consistent with findings from ransomware trading firm Coveware that despite record ransomware payments in 2021, around 41% of all ransomware victims paid ransom.
Black Basta emerged as a ransomware-as-a-service (RaaS) operation in April 2022, targeting corporate entities around the world in double extortion attacks. After the infamous Conti ransomware gang ceased operations in June 2022 due to a series of embarrassing data breaches, the cybercrime syndicate split into several groups, with one faction believed to be Black Basta.
Additionally, Black Basta has also been linked to the Russian-speaking hacker group FIN7, a known financially motivated cybercrime gang active since at least 2015, also tracked as Carbanak.
Since emerging, this ransomware gang has infiltrated and extorted many high-profile victims, including the American Dental Association, Sobeys, Yellow Pages Canada, and German defense firm Rheinmetall. Black Basta’s list of victims also includes ABB, an industrial automation company and US government contractor with revenues exceeding $29 billion. None of them revealed whether they paid the ransoms requested by Black Basta.
See the original post at: CisoAdvisor, Corvus
