A prolific Russian-speaking ransomware group has earned more than $100 million from dozens of victims since April 2022, a new analysis has revealed.
Corvus Insurance used the Elliptic Investigator blockchain forensics tool to lift the lid on the Black Basta group.
The tool helped it identify patterns in the group's on-chain activity, so that it could trace a large number of Bitcoin ransom payments with a high degree of certainty.
“Our analysis suggests that Black Basta has received at least $107 million in ransom payments since the beginning of 2022, with more than 90 victims. The largest ransom received was $9 million and at least 18 of the ransoms were $1 million. The average ransom payment was $1.2 million,” Corvus Insurance said.
“It should be noted that these figures are a lower limit – there are probably other ransom payments to Black Basta that our analysis has yet to identify – in particular with regard to recent victims.”
The analysis uncovered connections between Black Basta and both the Conti ransomware group and the Qakbot malware.
Black Basta has long been suspected of being an offshoot of Conti, a prolific ransomware group that stopped its activities when Black Basta started. Corvus's new analysis highlighted considerable overlap in targeted sectors, with both groups focusing their efforts on manufacturing, construction/engineering, wholesale/retail, financial services, and transport and logistics companies.
It also traced a few million dollars of Bitcoin from Conti-linked wallets to wallets associated with Black Basta.
Meanwhile, Qakbot, which infects victim machines via phishing emails, is often used to deploy Black Basta.
“This connection between the groups is also visible on the blockchain, with parts of the ransom of some victims sent to Qakbot wallets,” Corvus continued.
“These transactions indicate that about 10% of the ransom amount was forwarded to Qakbot, in cases where they were involved in offering access to the victim. Qakbot was disrupted in August 2023 by a multinational law enforcement operation – perhaps an explanation of a marked reduction in Black Basta operations in the second half of 2023.”