Ransomware Gang Leak Shows Stolen Passwords And 2FA Codes


The Black Basta Chat Log Leak Reveals How Ransomware Gangs Work

Google recently warned that it is time to start treating cybercrime as a national security threat. If you want to know why, look no further than the ongoing chaos caused by ransomware gangs, from data theft and exposure to ever more ominous warnings to businesses from the FBI. It is not often that we get to look inside the operation of a ransomware attacker, but that is the opportunity presented by the leak of private internal chat logs from the Black Basta crime group. Here is what threat intelligence analysts are saying.

The motive and mechanism behind the leak remain unclear. Some 200,000 private messages exchanged between members of the Black Basta ransomware group on the Matrix messaging platform, spanning the 12 months up to Sept. 2024, were made public, and theories range from a disgruntled member to a cyber-vigilante and even covert law enforcement action. What we do know is that, as Alexander Martin, U.K. editor at Recorded Future News, notes, “several of the crew behind the Black Basta scheme were part of a criminal network that had formerly operated the Conti and Ryuk ransomware brands, as well as the TrickBot banking trojan.” A dozen of these people have already been sanctioned by Western law enforcement, Martin said, “which is understood to have continued to monitor their activities.”

Stolen Passwords and 2FA Codes are Driving Ransomware Attacks

Unsurprisingly, threat intelligence firms have been having a field day analyzing the chat logs, and results are starting to emerge. KELA, for example, has completed a deep dive into Black Basta and published its findings. The key takeaway is that for initial access, the first step in any successful ransomware attack, Black Basta relied primarily on compromised Remote Desktop Protocol, VPN and security portal credentials. Given how effective infostealer malware is at harvesting credentials across platforms and services, it is no surprise that infostealer logs also played a key role. In one attack analyzed by KELA, credentials stolen six months earlier were used for initial access. That is less evidence that ransomware groups play the long game than a reminder that infostealer logs are compiled, traded and sold into the criminal market, and that a stolen credential stays useful for as long as it is not rotated.
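The six-month gap between credential theft and use is the detection opportunity. The script below is an added example, not code from the article or from KELA: it correlates a constructed infostealer-exposure feed with a constructed remote-access authentication log and alerts on successful RDP, VPN or portal logins by accounts whose credentials were captured after their last password rotation. The log format, service names, usernames and IP addresses are all hypothetical; a real deployment would read these from a credential-monitoring feed, the directory and the VPN or RDP gateway logs.

```python
"""Alert on successful remote-access logins by accounts whose credentials
appear in an infostealer log and have not been rotated since the capture.

All sample data below is constructed for the example (hypothetical hosts,
users and addresses); the auth-log format is invented, not a vendor format.
"""
import re
from datetime import date, datetime

# Constructed exposure feed: capture_date,service,username (no secrets kept).
STEALER_LOG = """
2024-03-02,vpn.example.com,j.doe
2024-03-02,rdp.example.com,svc_backup
2024-06-15,portal.example.com,a.smith
"""

# Constructed directory data: date of each account's last password change.
LAST_ROTATION = {
    "j.doe": "2024-01-10",       # rotated before capture -> still exposed
    "svc_backup": "2024-04-01",  # rotated after capture  -> exposure cleared
    "a.smith": "2024-05-01",     # rotated before capture -> still exposed
    "m.lee": "2024-08-01",       # never seen in a stealer log
}

# Constructed remote-access auth log (hypothetical syslog-like format).
AUTH_LOG = """
2024-09-03T08:12:44Z vpn.example.com auth=success user=j.doe src=203.0.113.7
2024-09-03T08:15:01Z rdp.example.com auth=success user=svc_backup src=198.51.100.9
2024-09-03T09:40:12Z portal.example.com auth=failure user=a.smith src=203.0.113.7
2024-09-04T02:13:55Z portal.example.com auth=success user=a.smith src=203.0.113.7
2024-09-04T03:00:00Z vpn.example.com auth=success user=m.lee src=192.0.2.4
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_stealer_log(text):
    """Return {user: [(capture_date, service), ...]} from the exposure feed."""
    exposures = {}
    for line in text.strip().splitlines():
        captured, service, user = [f.strip() for f in line.split(",")]
        exposures.setdefault(user, []).append((date.fromisoformat(captured), service))
    return exposures


def unrotated_exposures(exposures, last_rotation):
    """Keep exposures captured on or after the account's last password change;
    those are the credentials presumably still valid for an attacker."""
    live = {}
    for user, items in exposures.items():
        rotated = date.fromisoformat(last_rotation.get(user, "1970-01-01"))
        still_live = [(d, s) for d, s in items if d >= rotated]
        if still_live:
            live[user] = still_live
    return live


def parse_auth_log(text):
    """Parse auth events; lines not matching the expected format are skipped."""
    events = []
    for line in text.strip().splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(ev)
    return events


def detect_exposed_logins(auth_text, stealer_text, last_rotation):
    """Return one alert per successful login by an account with a live exposure,
    including how many days the credential sat in a stealer log before use."""
    live = unrotated_exposures(parse_stealer_log(stealer_text), last_rotation)
    alerts = []
    for ev in parse_auth_log(auth_text):
        if ev["result"] != "success" or ev["user"] not in live:
            continue
        earliest, service = min(live[ev["user"]])  # oldest capture for this user
        alerts.append({
            "user": ev["user"],
            "host": ev["host"],
            "src": ev["src"],
            "captured_for": service,
            "first_seen_in_stealer_log": earliest.isoformat(),
            "days_since_capture": (ev["ts"].date() - earliest).days,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_exposed_logins(AUTH_LOG, STEALER_LOG, LAST_ROTATION):
        print(alert)
```

With the constructed data the script raises two alerts, for j.doe (credential captured 185 days before the login) and a.smith (81 days); svc_backup is ignored because the password was rotated after the capture, and the failed a.smith attempt is not alerted on. Failed attempts by exposed accounts are still worth counting separately, since they can indicate the credential being tried before a working one is found.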

Conclusion

Ransomware attacks are a growing concern, and compromised credentials, particularly stolen passwords and 2FA codes, are playing a significant role in them. As threat intelligence analysts continue to work through the chat logs, it is clear that ransomware gangs adapt their tactics and techniques to gain initial access and ultimately extort victims. Enterprises and individuals should secure their remote-access systems, implement robust access controls, rotate any credential known to be exposed, and respond quickly to incidents to limit the impact of a ransomware attack.

FAQs

  • What is the Black Basta ransomware group?
    The Black Basta ransomware group is a criminal organization behind a number of high-profile ransomware attacks. According to Recorded Future News, several of its members were part of the network that previously operated the Conti and Ryuk ransomware brands and the TrickBot banking trojan.
  • How do ransomware gangs gain initial access?
    Ransomware gangs often use compromised credentials for Remote Desktop Protocol (RDP), VPNs and security portals to gain initial access to a network; in the Black Basta case these credentials frequently came from infostealer logs, sometimes months after they were stolen.
  • What is infostealer malware?
    Infostealer malware is designed to harvest sensitive information from an infected machine, such as usernames, passwords and authentication data for various services, which is then compiled into logs and sold on criminal markets.
  • How can I protect myself from ransomware attacks?
    To protect yourself from ransomware attacks, implement robust access controls, enforce multi-factor authentication on every remote-access service (bearing in mind that codes can be stolen too), use strong, unique passwords, and rotate any credential that shows up in an infostealer log, since a stolen password remains useful until it is changed. Back up your data regularly and keep systems and software up to date with the latest security patches.