icon

Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you to choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deak daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do charge or collect any fees.

Buffalo, New York
United States

Current Threat Data

Black Basta Ransomware Gang's Internal Chat Logs Leak Online

Summary:
A leaker known as ExploitWhispers has released an archive of internal Matrix chat logs from the Black Basta ransomware operation, initially uploaded to MEGA before being removed and later shared on a dedicated Telegram channel. It remains unclear whether ExploitWhispers is a security researcher who infiltrated the group's chat server or a disgruntled insider. The leaker has not disclosed their motivations, but cybersecurity firm PRODAFT suggests the leak may be linked to internal conflicts within Black Basta, including allegations that some of its operators scammed victims by collecting ransom payments without providing decryption tools. On February 11, 2025, the leaker claimed to have released the data in response to Black Basta’s targeting of Russian banks, drawing parallels to the Conti ransomware leaks from 2022.

The leaked messages, covering activity from September 18, 2023, to September 28, 2024, provide a wealth of intelligence about the group’s operations. The chat logs include phishing templates, targeted email lists, cryptocurrency addresses, stolen credentials, and operational tactics. Notably, 367 ZoomInfo links were identified, likely indicating the number of companies targeted during this period. ZoomInfo is commonly used by ransomware gangs to gather intelligence on victims or share company details internally for negotiation purposes. The leaked logs also expose key figures within Black Basta, including Lapa (an administrator), Cortes (linked to the Qakbot malware group), YY (the main administrator), and Trump (aka GG and AA), identified as Oleg Nefedovaka, the gang’s leader.

Security Officer Comments:
Black Basta operates as a Ransomware-as-a-Service (RaaS) and has been active since April 2022, launching high-profile attacks against major corporations and government contractors worldwide. According to a CISA-FBI joint report, Black Basta affiliates have breached over 500 organizations between April 2022 and May 2024. Additionally, research from Corvus Insurance and Elliptic estimates that the ransomware group has extorted $100 million from over 90 victims as of November 2023.

Suggested Corrections:
Backup your data, system images, and configurations, regularly test them, and keep the backups offline: Ensure that backups are regularly tested and that they are not connected to the business network, as many ransomware variants try to find and encrypt or delete accessible backups. Maintaining current backups offline is critical because if your network data is encrypted with ransomware, your organization can restore systems.

Update and patch systems promptly: This includes maintaining the security of operating systems, applications, and firmware in a timely manner. Consider using a centralized patch management system; use a risk-based assessment strategy to drive your patch management program.

Test your incident response plan: There's nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?

Check Your Security Team's Work: Use a 3rd party pen tester to test the security of your systems and your ability to defend against a sophisticated attack. Many ransomware criminals are aggressive and sophisticated and will find the equivalent of unlocked doors.

Segment your networks: There's been a recent shift in ransomware attacks – from stealing data to disrupting operations. It's critically important that your corporate business functions and manufacturing/production operations are separated and that you carefully filter and limit internet access to operational networks, identify links between these networks, and develop workarounds or manual controls to ensure ICS networks can be isolated and continue operating if your corporate network is compromised. Regularly test contingency plans such as manual controls so that safety-critical functions can be maintained during a cyber incident.

Train employees: Email remains the most vulnerable attack vector for organizations. Users should be trained on how to avoid and spot phishing emails. Multi-factor authentication can help prevent malicious access to sensitive services.

Link(s):
https://www.bleepingcomputer.com/ne...omware-gang-s-internal-chat-logs-leak-online/

Contact Us for Threat Assistance
Back to Current Threats