Chat logs allegedly belonging to the Black Basta ransomware gang have leaked online, exposing key members of the prolific Russian gang.
The chat logs, which include over 200,000 messages spanning September 18, 2023 to September 28, 2024, were shared with the intelligence company Prodaft. The cybersecurity company says the leak comes amid “internal conflict” within the Black Basta group, as some members allegedly failed to provide victims with functional decryption tools despite the payment of a ransom demand.
It is not yet known whether the leaker, who uses the nickname “ExploitWhispers” on Telegram, was a member of the Black Basta gang.
Black Basta is a prolific Russian-language ransomware gang, which the US government has linked to hundreds of attacks on critical infrastructure and businesses worldwide, and whose publicly known victims include a US health organization, UK utility company Southern Water and British outsourcing giant Capita. The leaked chat logs give a never-before-seen look inside the ransomware gang, including some of its previously unknown targets.
According to a post on X by Prodaft, the leaker said the hackers “crossed the line” by targeting Russian domestic banks.
“So we are committed to revealing the truth and exploring the next steps of Black Basta,” the leaker wrote.
Targeted victims, exploits and teenage hackers
TechCrunch has obtained a copy of the hackers' chat logs from Prodaft, which contain details of key members of the ransomware gang.
These members include “YY” (main manager of Black Basta); “Lapa” (another of Black Basta’s main leaders); “Cortes” (a hacker linked to the Qakbot botnet); and “Trump” (also known as “AA” and “GG”).
The hacker “Trump” is believed to be a nickname used by Oleg Nefedovaka, whom Prodaft researchers describe as “the main boss of the group”. The researchers linked Nefedovaka to the Conti ransomware group, which shut down shortly after its internal chat logs leaked following Russia’s full invasion of Ukraine in 2022.
The Black Basta chat leaks also quote a member saying that she is 17 years old, TechCrunch has seen.
By our count, the chat logs contain 380 unique links to company information hosted on ZoomInfo, a data broker that collects and sells access to information about businesses and their employees, which the chat logs show the hackers used to research the companies they were targeting. The links also give some indication of the number of organizations targeted by the gang during the 12-month period.
The chat logs also reveal unprecedented insight into the group's operations. The messages include details of Black Basta's victims, copies of phishing templates used in its cyberattacks, some of the exploits used by the gang, cryptocurrency addresses related to ransom payments, and details of ransom demands and negotiations with hacked organizations.
We also found the hackers' chat logs discussing a TechCrunch article on continued Qakbot activity, despite an earlier FBI takedown operation aimed at knocking the infamous botnet offline.
TechCrunch also found that the chat logs named several previously unknown targeted organizations. These include the failed American car giant Fisker; health technology provider Cerner Corp., which is now owned by Oracle; and a travel company based in the UK. It is not yet known whether the companies were breached, and none of the companies responded to TechCrunch's inquiries.
The chat logs appear to show the gang's efforts to exploit security flaws in enterprise network devices, such as routers and firewalls that sit on the perimeter of a company's network and act as digital gates.
The hackers touted their ability to exploit vulnerabilities in Citrix remote access products to break into at least two networks. The gang also talked about exploiting vulnerabilities in Ivanti, Palo Alto Networks and Fortinet software to carry out cyberattacks.
A discussion among Black Basta members also suggests that some of the group were worried about being investigated by the Russian authorities in response to geopolitical pressures. While Russia has long been a safe haven for ransomware gangs, Black Basta was also worried about actions taken by the US government.
Messages sent after the group's attack on Ascension's systems warned that the FBI and CISA are “100% obliged” to get involved, which could lead to organizations “taking a harsh stop at Black Basta”.
Black Basta’s dark web leak site, which it uses to pressure victims into paying the gang a ransom demand, was offline at the time of publication.