The FBI, CISA, HHS, and MS-ISAC have issued a joint Cybersecurity Advisory (CSA) regarding the Black Basta ransomware activity as part of the StopRansomware initiative.
“Black Basta is a ransomware-as-a-service (RaaS) variant, first identified in April 2022. Black Basta affiliates have targeted over 500 private industry and critical infrastructure entities, including healthcare organizations, in North America, Europe, and Australia.” reads the CSA.
In December 2023, Elliptic and Corvus Insurance published joint research that revealed the group had accumulated at least $107 million in Bitcoin ransom payments since early 2022. According to the experts, the ransomware gang has infected over 329 victims, including ABB, Capita, Dish Network, and Rheinmetall.
The researchers analyzed blockchain transactions and discovered a clear link between Black Basta and the Conti Group.
The group mainly laundered the illicit funds through the Russian crypto exchange Garantex.
“Black Basta is a Russia-linked ransomware that emerged in early 2022. It has been used to attack more than 329 organizations globally and has grown to become the fourth-most active strain of ransomware by number of victims in 2022-2023.” reads Elliptic’s report. “Our analysis suggests that Black Basta has received at least $107 million in ransom payments since early 2022, across more than 90 victims. The largest received ransom payment was $9 million, and at least 18 of the ransoms exceeded $1 million. The average ransom payment was $1.2 million.”
Some of the victims’ ransom payments were sent by both Conti and Black Basta groups to the gang behind the Qakbot malware.
Pierluigi Paganini
(SecurityAffairs – hacking, cybercrime)